Security of using sudo rather than su?
Alexander Skwar
listen at alexander.skwar.name
Sun Sep 17 12:53:17 UTC 2006
· Karl Auer <kauer at biplane.com.au>:
> On Thu, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
>> How is the security doubled when using sudo?
>
> Security isn't just about cracked passwords. Security is about avoiding
> damage, whether intentional, malicious or accidental. Requiring sudo
> reduces the chances that a command will accidentally be carried out as
> root.
Uhm, no. As you can easily see on this list, a *lot* of suggestions/tips
involve using sudo, even if it's not required. The way Ubuntu is set up
actually makes people run way too much stuff with sudo.
> Then there is the point that access to specific commands needing root
> access can be given to people. That is, they have root access, but only
> for a restricted set of actions.
Or you can easily give that kind of access to a different user. Say,
you've got a number of commands which are best run with a certain account,
you can easily set it up so that the users can do "sudo -u user" to
run the command without giving away the password of "user".
> sudo can log who does what and when. That enables tracking of what
> commands were issued when and by whom. This has two good effects
Yes, it has.
> Keeping the number of people who can get general root access to a
> minimum is also good security.
Of course.
Alexander Skwar
--
They say never to buy a "0" release of software.
Windows 2000 has 3 of 'em.
-- A .sig spotted on an anti-Microsoft mailing list
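
Added example, not part of the original message: a small Python parser for the sudo audit trail discussed above. It separates commands run as root from commands delegated to another account via "sudo -u user" and from denied attempts. It assumes sudo's default syslog line format; the log lines, host name and account names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in sudo's default syslog format (not from the post).
SAMPLE_LOG = """\
Sep 14 13:46:02 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Sep 14 13:50:10 box sudo:      bob : TTY=pts/1 ; PWD=/srv/app ; USER=appuser ; COMMAND=/srv/app/bin/rotate-logs
Sep 14 13:52:41 box sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/srv/app ; USER=root ; COMMAND=/bin/bash
Sep 14 13:55:00 box cron[812]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+sudo(?:\[\d+\])?:\s+"
    r"(?P<invoker>\S+)\s+:\s+(?P<fields>.*)$"
)

def parse_sudo_line(line):
    """Return a dict for one sudo log line, or None if it is not a sudo entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # COMMAND is always the last field and may itself contain " ; ".
    head, sep, command = m["fields"].partition("COMMAND=")
    if not sep:
        return None
    entry = {"ts": m["ts"], "invoker": m["invoker"],
             "command": command, "denied_reason": None}
    for part in (p.strip() for p in head.split(" ; ")):
        key, eq, value = part.partition("=")
        if eq and key in ("TTY", "PWD", "USER"):
            entry[key.lower()] = value
        elif part:
            # Free text such as "command not allowed" marks a refused request.
            entry["denied_reason"] = part
    return entry

def summarize(log_text):
    """Group root runs, delegated (non-root) runs and denials by invoking user."""
    report = defaultdict(lambda: {"root": [], "delegated": [], "denied": []})
    for line in log_text.splitlines():
        e = parse_sudo_line(line)
        if e is None:
            continue
        if e["denied_reason"]:
            bucket = "denied"
        else:
            bucket = "root" if e.get("user") == "root" else "delegated"
        report[e["invoker"]][bucket].append((e.get("user"), e["command"]))
    return dict(report)

if __name__ == "__main__":
    for invoker, buckets in summarize(SAMPLE_LOG).items():
        print(invoker, buckets)
```
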