Security of using sudo rather than su?

Derek Broughton news at pointerstop.ca
Thu Sep 14 18:07:06 UTC 2006


Felipe Alfaro Solana wrote:

> 3. Third, I configure sudo so that user's have to supply root password
> (not theirs).
> 
Sorry, I just can't see any way that this "improves" security.  If users are
to be allowed to perform administrative tasks, it is a really, Really,
REALLY, bad idea to make sudo use the root password.  Then you have to
_give_ them the root password.  Then they can simply login as root, have
access to all admin functions, instead of just the ones you want them to
have, and never have to worry that you're logging their actions.  This is
not security.

Using either sudo or su doesn't automatically make your system secure, but
using sudo does make it _possible_ for you to secure your system.  Handing
out root passwords does not.
-- 
derek





More information about the ubuntu-users mailing list