Re: Sudo
On Tue 28 Jan 2020 at 10:16:18 (+0200), Andrei POPESCU wrote:
> On Mon, 27 Jan 20, 13:01:17, Patrick Bartek wrote:
> > On Mon, 27 Jan 2020 18:21:30 +0200 Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> > >
> > > In the typical sudo setup the root account is locked, so both su and
> > > root logins are disabled.
> >
> > My point is that sudo is more of a security "hole" since it only
> > requires a user's password, which in my experience is less secure since
> > most users create short, easy-to-remember ones.
>
> That assumes the root password of these users would be significantly
> more secure.
>
> Even if it were, once the user account is compromised it would be easy
> to trick users into providing their root password to a fake 'su'.

My view is that more damage is done to home systems by the sysadmins
than by external malice, so anything that protects the system from
such damage is a useful resource. I think that selective sudo¹
provides one way of reducing damage by separating critical operations
(done by su'ing to root) from the benign day-to-day maintenance
done using sudo.

¹ by selective sudo I mean

    $ sudo some-command …
    $

rather than the locked-up sudo-only scheme that you can select with
the debian-installer. I'm not familiar with the latter.

Cheers,
David.