Keegan Quinn said on Wed, May 14, 2003 at 04:59:52PM -0700:
> Think about a scenario in which this would actually make a difference. If
> someone has cracked any admin's password, on a normal /etc/shadow-based
> system, why couldn't they also crack root? Sure, perhaps one could be
> sniffed, but that would point to another problem involving a lack of
> encryption. One might argue that root should have a 'harder to crack'
> password, but I would reply that administrators should be equally protected.

In addition, most administrators' accounts are root equivalent anyway, due to group memberships, etc. For example, you may have a nightly cron that runs as root that's editable by the adm group, of which all admins are members. Getting root in that case is as simple as putting something in the cron that makes a suid shell binary somewhere.

In short: I also think you're using sudo correctly, but you need to be aware that all of the admin accounts are probably root equivalent, even without sudo.

M
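The root-equivalence the reply describes (a root-run cron job that a non-root group can edit) is something an administrator can audit for rather than reason about by hand. The following is an added example, not part of the message or its thread: a small Python audit that walks the usual root-cron locations (the list of paths is an assumption about a typical Linux layout, not something the message states) and reports any file or directory that a non-root principal could modify, which is exactly the condition that makes a group membership root-equivalent. A directory that is group-writable is reported too, since dropping a new file into /etc/cron.d is as good as editing an existing one.

```python
"""Audit root-run cron locations for files or directories that non-root users can modify.

Added example (not from the original mailing-list post). The set of cron paths
and the notion of "root-equivalent write access" used here are assumptions
for illustration; adapt them to the system being reviewed.
"""
import os
import stat
import tempfile
from typing import Iterator, List, Tuple

# Assumed locations of cron jobs that the cron daemon executes as root.
DEFAULT_CRON_PATHS = [
    "/etc/crontab",
    "/etc/cron.d",
    "/etc/cron.hourly",
    "/etc/cron.daily",
    "/etc/cron.weekly",
    "/etc/cron.monthly",
]


def writable_by_non_root(mode: int, uid: int, gid: int) -> List[str]:
    """Return the reasons a root-executed path can be altered by someone other than root.

    mode, uid and gid are the raw fields from os.stat(). An empty list means only
    root (or a root-group member, who is already root-equivalent) can change it.
    """
    reasons = []
    if uid != 0:
        reasons.append(f"owned by uid {uid}, not root")
    if mode & stat.S_IWGRP and gid != 0:
        reasons.append(f"group-writable by gid {gid}")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def iter_paths(roots: List[str]) -> Iterator[str]:
    """Yield every existing file and directory under the given roots, roots included."""
    for root in roots:
        if os.path.isfile(root):
            yield root
        elif os.path.isdir(root):
            for dirpath, dirnames, filenames in os.walk(root):
                yield dirpath
                for name in dirnames + filenames:
                    yield os.path.join(dirpath, name)


def audit(roots: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every path a non-root principal could modify.

    Symlinks are reported separately: the link itself may be fine while its target
    lives somewhere writable, so the target needs its own review.
    """
    findings = []
    for path in iter_paths(roots):
        try:
            st = os.lstat(path)
        except OSError:
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, ["symlink; audit its target separately"]))
            continue
        reasons = writable_by_non_root(st.st_mode, st.st_uid, st.st_gid)
        if reasons:
            findings.append((path, reasons))
    return findings


def demo_on_constructed_tree() -> List[Tuple[str, List[str]]]:
    """Build a throwaway cron-like directory with one world-writable job and audit it.

    This is constructed sample data so the example runs offline on any host.
    """
    base = tempfile.mkdtemp(prefix="cron-audit-demo-")
    job = os.path.join(base, "nightly-backup")
    with open(job, "w") as fh:
        fh.write("#!/bin/sh\n# constructed sample job\n")
    os.chmod(job, 0o666)  # the defect the audit should catch
    return audit([base])


if __name__ == "__main__":
    for path, reasons in audit(DEFAULT_CRON_PATHS):
        print(f"{path}: {'; '.join(reasons)}")
```

Run it as root on the host being reviewed; any line it prints names a path whose writers can make cron run their code as root, which is the "root equivalent even without sudo" situation the reply warns about. The group-writable check deliberately ignores gid 0, since members of the root group are already trusted to that degree.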