
Re: As seen above: use of su vs sudo



On 2018-08-07 at 09:09, Nicolas George wrote:

> The Wanderer (2018-08-07):
> 
>> "su OPTIONAL_USERNAME -c 'YOUR_COMMAND'"
> 
> The superiority of sudo over su in this particular case is that it
> does not require an extra level of quoting.

I don't consider that a significant downside; in some contexts, it may
even be an advantage.

>> But it's more secure to require a second password to do elevated
>> things than to permit doing those things with the same password as
>> is used for ordinary activities.
> 
> That's not necessarily true. A second password used for rare cases
> often means a password on a post-it under the keyboard.

An inclination in the direction of doing that would be a mark against
that user being considered sufficiently trustworthy to have the elevated
access to begin with.

>> Not usually; this is a desktop machine, not a server. Most logins
>> are done from a position of physical access.
>> 
>> Also, part of my entire point is that the "let users type their
>> password to confirm authorization to do elevated things" approach
>> means that anyone who learns the user's password can *both* log in
>> as the user *and* do those elevated things, which is clearly less
>> secure than if that just made it possible to log in as that user.
> 
> Anyone who learns the user's password can obtain the second password 
> pretty easily.

How so?

> Also, remember that what is really precious is access to user
> accounts. Root access is only a means to access any user's account.
> On a single-user machine, it is one and the same.

There's a point there, but I do consider the rest of the system (beyond
just the user's account) to be something worth securing, even on a
single-user system.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw
