Security of using sudo rather than su?

Derek Broughton news at
Thu Sep 14 18:45:01 UTC 2006

Felipe Alfaro Solana wrote:

>> > 3. Third, I configure sudo so that user's have to supply root password
>> > (not theirs).
>> >
>> Sorry, I just can't see any way that this "improves" security.  If users
>> are to be allowed to perform administrative tasks, it is a really,
>> Really,
>> REALLY, bad idea to make sudo use the root password.  Then you have to
>> _give_ them the root password.  Then they can simply login as root, have
>> access to all admin functions, instead of just the ones you want them to
>> have, and never have to worry that you're logging their actions.  This is
>> not security.
> For servers where there are multiple administrators, sure this is not
> a good idea. However, I was talking about single-user machines, like
> desktop machines.

Same problem.  Either you trust them to do anything on their own system - in
which case whether or not there's a "root" account with a password is
moot - or you shouldn't be handing them the root password.  Even the
Windows XP Pro system I'm using right now, prevents me from accessing one
or two administrative functions.

More information about the ubuntu-users mailing list