Security of using sudo rather than su?
Derek Broughton
news at pointerstop.ca
Thu Sep 14 18:45:01 UTC 2006
Felipe Alfaro Solana wrote:
>> > 3. Third, I configure sudo so that user's have to supply root password
>> > (not theirs).
>> >
>> Sorry, I just can't see any way that this "improves" security. If users
>> are to be allowed to perform administrative tasks, it is a really,
>> Really,
>> REALLY, bad idea to make sudo use the root password. Then you have to
>> _give_ them the root password. Then they can simply login as root, have
>> access to all admin functions, instead of just the ones you want them to
>> have, and never have to worry that you're logging their actions. This is
>> not security.
>
> For servers where there are multiple administrators, sure this is not
> a good idea. However, I was talking about single-user machines, like
> desktop machines.
Same problem. Either you trust them to do anything on their own system - in
which case whether or not there's a "root" account with a password is
moot - or you shouldn't be handing them the root password. Even the
Windows XP Pro system I'm using right now, prevents me from accessing one
or two administrative functions.
--
derek
More information about the ubuntu-users
mailing list