Re: As seen above: use of su vs sudo
On Tuesday 07 August 2018 15:08:34 Nemeth Gyorgy wrote:
> On 2018-08-07 14:50, The Wanderer wrote:
> > But it's more secure to require a second password to do elevated
> > things than to permit doing those things with the same password as
> > is used for ordinary activities.
>
> Then use another pam backend module for sudo and not the 'common-auth'.
> There are a lot of pam auth methods. You only have to create a second
> database which is supported by some of the libpam modules and modify
> /etc/pam.d/sudo
>
> In this case you still don't have to share a common root password
> (which is really bad) and can require a second password for doing
> elevated things.
How to do that should be written up and published at a Google-findable
site as this idea seems to offer an additional layer of security. But
one that you can still remember w/o painting it on the wall. I have one
jessie machine that has a long root pw, but sudo hasn't needed a pw
for a long time. Nor does it advise you in the shell prompt that it's a
sudo -i empowered shell, and that bothers the hell outta me. Having
sudo ask for yet a 3rd password phrase of 60 or more chars (with no
objections to a word separating space here and there) to become active
seems like a good thing for security.
--
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
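
Added example, not part of the original message or of any project's own code: one way to do what the quoted reply describes, assuming pam_userdb.so as the libpam module and a hypothetical database path /etc/sudo_auth. It rewrites a constructed Debian-style /etc/pam.d/sudo so that sudo checks its own password database instead of common-auth.

```sh
#!/bin/sh
# Assumptions (not from the thread): pam_userdb.so is the backend and
# /etc/sudo_auth is a hypothetical database path.
SUDO_DB=/etc/sudo_auth    # pam_userdb appends ".db" to this itself

# Building the database (as root; db_load comes with Berkeley DB utils,
# mkpasswd with the whois package). Input: user name, then crypt hash.
#   printf '%s\n%s\n' alice "$(mkpasswd -m sha-512)" > /root/sudo_auth.txt
#   db_load -T -t hash -f /root/sudo_auth.txt /etc/sudo_auth.db
#   chown root:root /etc/sudo_auth.db && chmod 600 /etc/sudo_auth.db
#   shred -u /root/sudo_auth.txt
# Keep a root shell open while testing: a broken PAM file locks out sudo.

# Print a copy of a sudo PAM file with the shared auth stack replaced by
# a lookup in the separate database. All other lines pass through.
sudo_pam_with_userdb() {
    sed "s|^@include[[:space:]][[:space:]]*common-auth[[:space:]]*\$|auth    required    pam_userdb.so db=$SUDO_DB crypt=crypt|" "$1"
}

# Succeeds if the PAM file still authenticates through common-auth,
# i.e. sudo accepts the same password as an ordinary login.
uses_common_auth() {
    grep -Eq '^@include[[:space:]]+common-auth[[:space:]]*$' "$1"
}

# Constructed sample of a Debian-style /etc/pam.d/sudo (not a real file).
sample=$(mktemp)
printf '%s\n' '#%PAM-1.0' \
    '@include common-auth' \
    '@include common-account' \
    '@include common-session-noninteractive' > "$sample"

uses_common_auth "$sample" && echo "before: sudo shares the login password"
echo "after:"
sudo_pam_with_userdb "$sample"
rm -f "$sample"
```

The account and session includes stay as they were, so only the password check moves to the second database; the sudoers rules still decide who may run what.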