magick.crow at gmail.com
Thu Jan 15 19:19:30 UTC 2009
On Thu, Jan 15, 2009 at 3:52 PM, Chris G <cl at isbd.net> wrote:
> On Thu, Jan 15, 2009 at 09:31:32AM -0500, Mark Haney wrote:
> > Chris G wrote:
> > >>
> > > It's one of the reasons I don't use sudo (no one has any sudo
> > > privileges) on my system. I also have ssh root access disabled.
> > >
> > > So, to get root access, an attacker using ssh has to first guess my
> > > (or another user) password and then guess the root password.
> > >
> > > (In addition ssh is only allowed from a few IP addresses but that's
> > > irrelevant to my comment above)
> > >
> > So basically, you have a typical secure linux setup, where to do any
> > thing with root, you have to log in as root?
> Yes, simple! :-)
> > For me, that's the most secure method of managing a system. Granted, it
> > isn't the most /convenient/ at times, but that's a sacrifice I'm willing
> > to make on the internet facing systems I have to manage.
> I personally find using sudo inconvenient. Maybe it's just a history
> of having worked on Unix (HP and Solaris) systems for so many years
> but sudo just seems like a workaround to me.
> Chris Green
I have often wondered about this. I mean I started with su and then went to
sudo with ubuntu. I see no real difference and if you want to can sudo into
root so that you don't have to type it all the time and you can set the
amount of time before you need to type the sudo password too.
I just accepted the DEV GOD's when they said sudo was better than su but I
never understood why that was so. I think it is a good point that most of us
home users just have the one password and one account. That is how it is at
my house even though I set it up for everyone, we just use the one. It makes
good sence to me that having 2 passwords, mine and the su is better than
just having my one password that works for me and for sudo.
My wife knows my password because it is the one used by all. That just
happens to be the one for sudo of course, thus she can give it, if it is
requested by something and she has no idea about computers!
One other point, I have 4 levels of passwords that are unfortunatly reused.
One is my system password, one is my bankS (My banks are really tight and
require 2 or 3 passwords to use the system so that is good!) password, one
is my high security net password and one is my low security net password.
This is not the best but at least better than using one for all as many do.
Douglas E Knapp
Amazon Gift Cards; let them choose!!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-users