[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo password vs. login

Joris Huizer wrote:
> Roberto C. Sanchez wrote:
>> Joseph Smidt wrote:
>>> Is there any way to make the sudo password different from the login
>>> password?  Wouldn't that make it more secure?  That would make two
>>> passwords you have to get through to have root access vs. one. 
>> I like the approach which SuSE takes.  It requires the *root* password
>> to use sudo, not the user's password.
> Hmm, how then is that different from using su ?

It logs the actions.  In reality, giving a user unrestricted sudo access
is no different than giving the root password.  In some cases, even
restricted sudo access can be used to gain fill root access.  The point
is, you should not give sudo access to someone unless you trust them
with a root shell.  All you would need to do is execute something like
`sudo bash`, `sudo sh`, `sudo su -`, etc.  Anyhow, you get the idea.

For me it is more an issue of being able to keep track of what happened
when you have more than person with root access.


Roberto C. Sanchez

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: