Security of using sudo rather than su?
Alexander Skwar
listen at alexander.skwar.name
Sun Sep 17 12:48:32 UTC 2006
ยท Dennis Kaarsemaker <dennis at kaarsemaker.net>:
> On do, 2006-09-14 at 13:46 +0200, Alexander Skwar wrote:
>> Dennis Kaarsemaker <dennis at kaarsemaker.net>:
>> > Because normally, root *can* login over ssh and 'root' is a very
>> > well-known username.
Actually, that's wrong. root normally *cannot* do this.
>> > So sudo actually doubles security by having to
>> > guess both a username and a password instead of just a password.
>>
>> Hm. But you have to guess only one username and one password, while
>> without sudo, you have to guess one username and two passwords.
>>
>> How is the security doubled when using sudo?
>
> Without sudo you have to guess 0 usernames and 1 password.
Pardon? Without sudo, you have to guess 1 username and 2 passwords.
To be exact, you've got to guess the username of the user, his password
and the root password. This makes 1 username and 2 passwords.
So, after having clarified this, how is the security doubled when using
sudo?
Alexander Skwar
--
genlock, n.:
Why he stays in the bottle.
More information about the ubuntu-users
mailing list