dmcgarrett at optonline.net
Sun Jan 1 18:33:59 UTC 2012
On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>> root is disabled, and it does not have a passwd. if you really want to
>>> use "root", just set a passwd for it.
>> You can do this, but it is not a good idea. The major security advantage
>> of Unix OS's over Windows is afforded by their disabled root accounts
>> inaccessible to outside intruders. Keep it that way, unless you have a
>> truly compelling reason to risk your root account's security for.
> Very few attacks on Unix/Linux systems try and guess the root password.
> Most attacks take advantage of known flaws in processes running with
> root privileges. With a strong password it is nearly impossible to guess
> the root password. So from a security standpoint having a password on
> the root account is not opening up a lot of risk. Since using "su -" on
> a host with a root password or "sudo -i" on a host with a locked root
> account are functionally equivalent, why have a password on root which
> you need to remember?
> On the other hand logging in as root (or sudo -i to root) and doing all
> your work as root is risky, since every program you run is at an
> elevated privilege. If you download a program or execute an email
> attachment as root, then all security bets are off. This BTW was the
> major attack vector for viruses and worms into Windows systems before
> they introduced a degree of privilege separation. sudo is a nice tool
> which makes you aware of the programs you want to run with root
> privileges. In my view it keeps you from doing really dumb things.
I'm trying to learn something here: as I understand it, sudo
gives you root privileges, so what's the difference between
su (password) and sudo (password) except that sudo
privileges disappear after 5 minutes, and su leaves you
in root forever unless you type exit. What am I missing?
(I am mostly using a distro other than Ubuntu, which does
not let me have sudo anymore 8-( . I would really like to
have it back!)
More information about the ubuntu-users