sudo and /etc/sudoers

Derek Broughton derek at
Tue Dec 30 16:36:50 UTC 2008

jdow wrote:

> From: "Derek Broughton" <derek at>
> Sent: Monday, 2008, December 29 15:27
>> jdow wrote:
>>> I'd feel safer with that sort of configuration if the sudo program had
>>> an option to use a second password list that had a second unique
>>> encrypted password for each of the sudoers. Then if your password is
>>> cracked the person still can't get at sufficient root level tools to
>> It would be pretty pointless, for the same reason that we don't want to
>> be handing out the root password to everybody - _some_ (probably most) of
>> your
>> users would just set the password to be the same as their user password.
>> If
>> you did anything to prevent that, they'd either set it to the closest
>> possible permutation of their user password, or write it down.
> Write it down == firing offense.

That's Res's argument.  In the first place, I've worked in places (banks) 
where that's true, and I never knew anyone to get even a warning about 
writing down a password.   But more importantly, if you fire someone for 
writing down a password, it's already too late - the offense has been 

> The sudo password would have to be assigned via a password generator or
> password approval tool. (So should the main password, in which case
> both should be generated in one session.)

See, you get to that stage and even I start saying just don't give me the 

> When I was doing stuff that required the most security I found myself
> learning about a dozen different lock combinations, some push-button
> locks and some really good GSA approved security padlocks - every 6
> months. It can be done - unless you young whippersnappers are dumber
> than I was at your age. (With that load I never DID memorize my
> drivers license number.)

I've still got phone numbers and license numbers from decades ago running 
around my head - and I still can never remember the plate on my car.

I can memorize as many passwords as I need (thankfully - a KMail crash 
somehow trashed KWallet last week), and really so can most people, but they  
_won't_, and any security scheme has to balance between the security 
provided by having good keys, and the fact that users will bypass the keys 
if they think it's too hard.

More information about the ubuntu-users mailing list