About root or administrative account
Derek Broughton
news at pointerstop.ca
Sat Mar 24 18:29:11 UTC 2007
David B Teague wrote:
> I do not yet understand why the Ubuntu way, sudo, with the USER's
> PASSWORD, is not less safe than having a different root password. I
> think the ordinary user who does an administrative task should have to
> use the root password.
Then ask yourself this - is it more secure to hand out one password to
multiple users, or to expect each user to have his own password and keep it
secret?
That's the core of security with sudo. If I have to let 3 people have the
root password, how do I know that they aren't passing it out to others to
help them do _their_ jobs? I can't stop somebody passing out his own
password, either, but with sudo I _can_ tell, from the logs, which user id
was used to perform an administrative action, so if they're sharing their
passwords, or not keeping them secure, they take the blame.
> Someone pointed out that sudo gives logging,
> which will give some tracking, useful after the fact, but is in fact,
> not safer.
No, it _is_ safer, precisely for the reason noted above. Root passwords are
insecure because there's no accountability. As they say, there's no such
thing as a shared secret.
>
> The logging that you get with sudo helps, and that with a single user,
> there isn't a lot of difference in security between having a root log-in
> and separate password and having a disabled root login and using sudo
> with the user password as Ubuntu does.
True.
> though I
> think sudo was available for administrative tasks, I am not sure I knew
> about it. I do know I never used it.
sudo used, also, to require the root password.
--
derek
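
The accountability argument in this message rests on sudo's log entries naming the account that authenticated. The following is an added example, not part of the original post: it parses constructed log lines in the traditional syslog format that sudo writes to /var/log/auth.log on Ubuntu and groups administrative actions by invoking user. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the traditional syslog format used by sudo (assumed).
SAMPLE_LOG = """\
Mar 24 18:01:07 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar 24 18:02:40 box sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Mar 24 18:05:12 box sudo:      bob : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/vi /etc/passwd
Mar 24 18:09:55 box sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/sh
Mar 24 18:11:30 box sudo:     dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar 24 18:12:02 box su[4242]: Successful su for root by root
"""

# "<timestamp> <host> sudo: <invoking user> : [reason ;] KEY=value ; ... ; COMMAND=..."
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sudo(?:\[\d+\])?:\s+(?P<user>[^\s:]+) : (?P<rest>.*)$")

def parse_sudo_line(line):
    """Return a dict describing one sudo event, or None for unrelated lines."""
    m = SUDO_LINE.match(line)
    if not m:
        return None
    # COMMAND is always the last field and may contain " ; ", so split it off first.
    head, sep, command = m["rest"].partition("COMMAND=")
    if not sep:
        return None
    parts = [p.strip() for p in head.split(" ; ") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    reasons = [p for p in parts if "=" not in p]  # e.g. "user NOT in sudoers"
    return {"time": m["ts"], "user": m["user"], "run_as": fields.get("USER"),
            "tty": fields.get("TTY"), "command": command,
            "denied": reasons[0] if reasons else None}

def actions_by_user(log_text):
    """Group sudo events by the account that authenticated, not by 'root'."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event:
            report[event["user"]].append(event)
    return dict(report)

if __name__ == "__main__":
    for user, events in actions_by_user(SAMPLE_LOG).items():
        for e in events:
            status = "DENIED (%s)" % e["denied"] if e["denied"] else "ok"
            print(f'{e["time"]} {user} -> {e["run_as"]}: {e["command"]} [{status}]')
```

The final `su` line in the sample records only "root by root", which is the attribution gap a shared root password leaves.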