Security of using sudo rather than su?
listen at alexander.skwar.name
Sun Sep 17 12:53:17 UTC 2006
· Karl Auer <kauer at biplane.com.au>:
> On Thu, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
>> How is the security doubled when using sudo?
> Security isn't just about cracked passwords. Security is about avoiding
> damage, whether intentional, malicious or accidental. Requiring sudo
> reduces the chances that a command will accidentally be carried out as
Uhm, no. As you can easily see on this list, a *lot* of suggestions/tipps
involve using sudo, even if it's not required. The way Ubuntu is set up
actually makes people run way too much stuff with sudo.
> Then there is the point that access to specific commands needing root
> access can be given to people. That is, they have root access, but only
> for a restricted set of actions.
Or you can easily give that kind of access to a different user. Say,
you've got a number of commands who are best run with a certain account,
you can easily set it up so, that the users can do "sudo -u user" to
run the command without giving away the password of "user".
> sudo can log who does what and when. That enables tracking of what
> commands were issued when and by whom. This has two good effects
Yes, it has.
> Keeping the number of people who can get general root access to a
> minimum is also good security.
They say never to buy a "0" release of software.
Windows 2000 has 3 of 'em.
-- A .sig spotted on an anti-Microsoft mailing list
More information about the ubuntu-users