Security of using sudo rather than su?
Olaf Stein
stein.175 at osu.edu
Thu Sep 14 18:17:05 UTC 2006
>3. Third, I configure sudo so that user's have to supply root password
(not theirs).
How do I do this?
Thanks
Olaf
-----Original Message-----
From: ubuntu-users-bounces at lists.ubuntu.com
[mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of Felipe Alfaro
Solana
Sent: Thursday, September 14, 2006 12:53 PM
To: Ubuntu user technical support, not for general discussions
Subject: Re: Security of using sudo rather than su?
> I've read the official explanation of the locked root account [1] and
> it still seems to me that this system can reduce security (in
> comparison with the traditional approach) because an attacker
> (especially a remote attacker) can gain root privileges by cracking
> one password (the main user's) rather than two (since normally root
> isn't allowed to log in over ssh).
>
> Why is this view wrong?
I don't know, but I agree with you:
1. First, I don't allow root login except locally on trusted consoles.
2. Second, I set a password for root.
3. Third, I configure sudo so that user's have to supply root password (not
theirs).
So, in order to get access, you need to guess:
1. One user name
2. That user's password
3. root's password.
--
ubuntu-users mailing list
ubuntu-users at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
More information about the ubuntu-users
mailing list