Joris Huizer wrote: > Roberto C. Sanchez wrote: > >> Joseph Smidt wrote: >> >>> Is there any way to make the sudo password different from the login >>> password? Wouldn't that make it more secure? That would make two >>> passwords you have to get through to have root access vs. one. >> >> >> >> I like the approach which SuSE takes. It requires the *root* password >> to use sudo, not the user's password. >> > > Hmm, how then is that different from using su ? > It logs the actions. In reality, giving a user unrestricted sudo access is no different than giving the root password. In some cases, even restricted sudo access can be used to gain fill root access. The point is, you should not give sudo access to someone unless you trust them with a root shell. All you would need to do is execute something like `sudo bash`, `sudo sh`, `sudo su -`, etc. Anyhow, you get the idea. For me it is more an issue of being able to keep track of what happened when you have more than person with root access. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto
Attachment:
signature.asc
Description: OpenPGP digital signature