Security of using sudo rather than su?

Adam Funk a24061 at yahoo.com
Thu Sep 14 17:39:52 UTC 2006


On 2006-09-14, Alan McKinnon <alan at linuxholdings.co.za> wrote:

> sudo suffers from a flaw as far as easy configuration is 
> concerned - there are no sane defaults. i.e. if you try to come 
> up with some sane defaults, you won't find any.
>
> It's up to the admin of a machine to consider the users and 
> services on the machine and do the right thing for that setup. 
> Hence the only possible default - members of the admin group 
> can become root and do any root things they wish.

Good point.

> Besides, security is a relative concept anyway, and those who claim
> that one of these models is better or worse than the other just
> because, usually have no foggiest idea of what they are talking about
> or what happens in real life.

Note: I wasn't claiming su was better than sudo --- I was asking for
criticism.


> By example: every personal workstation I have looked into in the
> last year has had the SAME password for the main user and
> root. EVERY SINGLE ONE. The users say they get fed up having to
> remember more than one password.

<groan>


> Some of them keep the same password on all machines for years...

I'm under the impression that forcing users to change passwords very
frequently (and I realize you're not necessarily advocating *frequent*
changes) is bad for security --- because the increased cognitive load
leads them to pick lower-quality passwords than they might otherwise
use and to try to rotate them (e.g. 4lm0nds1 -> 4lm0nds2 -> 4lm0nds3
and so on until the system will let them use the first one again).

More information about the ubuntu-users mailing list