root user

doug dmcgarrett at optonline.net
Sun Jan 1 18:33:59 UTC 2012 

On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>> root is disabled, and it does not have a passwd. if you really want to
>>> use "root", just set a passwd for it.
>>>
>>> command:
>>>
>>
>> You can do this, but it is not a good idea. The major security advantage
>> of Unix OS's over Windows is afforded by their disabled root accounts
>> inaccessible to outside intruders. Keep it that way, unless you have a
>> truly compelling reason to risk your root account's security for.
> Very few attacks on Unix/Linux systems try and guess the root password.
> Most attacks take advantage of known flaws in processes running with
> root privileges. With a strong password it is nearly impossible to guess
> the root password. So from a security standpoint having a password on
> the root account is not opening up a lot of risk.  Since using "su -" on
> a host with a root password or "sudo -i" on a host with a locked root
> account are functionally equivalent, why have a password on root which
> you need to remember?
>
> On the other hand logging in as root (or sudo -i to root) and doing all
> your work as root is risky, since every program you run is at an
> elevated privilege.  If you download a program or execute an email
> attachment as root, then all security bets are off.  This BTW was the
> major attack vector for viruses and worms into Windows systems before
> they introduced a degree of privilege separation.  sudo is a nice tool
> which makes you aware of the programs you want to run with root
> privileges. In my view it keeps you from doing really dumb things.
>
I'm trying to learn something here:  as I understand it, sudo
gives you root privileges, so what's the difference between
su (password) and sudo (password) except that sudo
privileges disappear after 5 minutes, and su leaves you
in root forever unless you type exit.  What am I missing?
(I am mostly using a distro other than Ubuntu, which does
not let me have sudo anymore 8-(   . I would really like to
have it back!)

--doug

More information about the ubuntu-users mailing list