
Re: sudo questions

On 15/08/13 01:30, François Patte wrote:
> I think that sudo system is less secure than the old system "root account".
> 1) Anybody with sudo root permission (as it is the case for the first
> person using sudo after an installation) can do "sudo bash" and he can
> run as many commands as he wants as root.

Not necessarily true. You can set up users with permission to run
specific commands, and decide whether or not they will need to enter
their password.

> 2) John Doe's password on the system may be cracked more easily than
> root's password because John Doe will certainly make internet
> connections and during such a connection his password can be
> intercepted; root on a machine has no reason to connect as root to a
> remote system. So anyone catching John Doe's password can log on as root
> on a system and compromise it.

By internet connections, you mean ssh? If you use ssh keys, none of that
can be intercepted. Even if you use a password with ssh, your password
is not transmitted in the clear.

If you're using that password for things like website logins, that's
another issue that needs addressing.

By using su, with root's password, that means everyone who has root has
full root and knows the same password, so that will have to be changed
if they are to be blocked, which means communicating the new password to
all the required users.

I don't like having any password shared between multiple people. The
only reason for having a root password is for emergency logins on the
console, when everything else is broken. For that, the root password is
on paper, locked in a safe.

Sudo is much simpler/better for general use IMHO.
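
A sudoers fragment showing the difference between a blanket grant and the per-command grants mentioned in the reply above. This is an added example, not part of the original message; the user names, alias names and command paths are constructed for illustration.

```sudoers
# /etc/sudoers.d/example  (edit with: visudo -f /etc/sudoers.d/example)
# All user names, aliases and command paths here are constructed examples.

# Blanket grant, as raised in the quoted question: alice may run any
# command as any user, so "sudo bash" gives her a root shell.
alice   ALL=(ALL:ALL) ALL

# Per-command grants: list exact paths, with arguments where possible,
# so that only the listed invocations match.
Cmnd_Alias WEB_SVC = /usr/sbin/service apache2 restart, \
                     /usr/sbin/service apache2 reload
Cmnd_Alias LOGS    = /usr/bin/tail -n 100 /var/log/syslog

# bob must enter his own password before restarting or reloading the
# web server; nothing else is permitted to him through sudo.
bob     ALL=(root) WEB_SVC

# carol may read the last 100 syslog lines with no password prompt.
carol   ALL=(root) NOPASSWD: LOGS

# Keep shells, editors and pagers out of such lists: any program that
# can start a subprocess turns a per-command grant into a blanket one.
```

Running `sudo -l -U bob` as root lists what a given user is allowed to run, which is a quick way to check the result.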

