root user

Johnny Rosenberg gurus.knugum at gmail.com
Sun Jan 1 18:47:56 UTC 2012


2012/1/1 doug <dmcgarrett at optonline.net>:
> On 01/01/2012 11:45 AM, Smoot Carl-Mitchell wrote:
>>
>> On Sun, 2012-01-01 at 11:05 -0500, AV3 wrote:
>>>
>>> On Jan/1/2012 6:5435 AM, Earthson wrote:
>>>>
>>>> root is disabled, and it does not have a passwd. if you really want to
>>>> use "root", just set a passwd for it.
>>>>
>>>> command:
>>>>
>>>
>>> You can do this, but it is not a good idea. The major security advantage
>>> of Unix OS's over Windows is afforded by their disabled root accounts
>>> inaccessible to outside intruders. Keep it that way, unless you have a
>>> truly compelling reason to risk your root account's security for.
>>
>> Very few attacks on Unix/Linux systems try and guess the root password.
>> Most attacks take advantage of known flaws in processes running with
>> root privileges. With a strong password it is nearly impossible to guess
>> the root password. So from a security standpoint having a password on
>> the root account is not opening up a lot of risk.  Since using "su -" on
>> a host with a root password or "sudo -i" on a host with a locked root
>> account are functionally equivalent, why have a password on root which
>> you need to remember?
>>
>> On the other hand logging in as root (or sudo -i to root) and doing all
>> your work as root is risky, since every program you run is at an
>> elevated privilege.  If you download a program or execute an email
>> attachment as root, then all security bets are off.  This BTW was the
>> major attack vector for viruses and worms into Windows systems before
>> they introduced a degree of privilege separation.  sudo is a nice tool
>> which makes you aware of the programs you want to run with root
>> privileges. In my view it keeps you from doing really dumb things.
>>
> I'm trying to learn something here:  as I understand it, sudo
> gives you root privileges, so what's the difference between
> su (password) and sudo (password) except that sudo
> privileges disappear after 5 minutes, and su leaves you
> in root forever unless you type exit.  What am I missing?
> (I am mostly using a distro other than Ubuntu, which does
> not let me have sudo anymore 8-(   . I would really like to
> have it back!)
>
> --doug

I guess the su-people means that it's a little bit annoying having to
type ”sudo” in front of every command instead of typing ”su” only
once. TO me it became a habit, so it doesn't bother me much.


Kind regards

Johnny Rosenberg
ジョニー・ローゼンバーグ




More information about the ubuntu-users mailing list