su or sudo su?
Patrick O'Callaghan
pocallaghan at gmail.com
Mon Oct 18 17:38:20 UTC 2010
On 10/18/10 12:01 PM, Suvayu Ali wrote:
> On Monday 18 October 2010 09:15 AM, James Mckenzie wrote:
>> su - exposes the root password and is generally discouraged. sudo
>> does not but exposes which users have this privilege. Logins
>> through unsecured means should be disabled or very closely
>> controlled. Most SAs now disable or remove unsecure login processes
>> at build time.
>>
> I am not sure how it is insecure, could you elaborate? At least to me
> giving (limited/full) root privileges to an ordinary user seems a lot
> more risky.
>
> The way I understand it if I have the following in my /etc/sudoers
> file,
>
> %<user_group> ALL=(ALL) ALL
>
> then there is no difference (other than the logging) between how the
> command is executed as compared to,
>
> $ su -
> Password:
> #<command>
>
> If my understanding is correct, I fail to see the source of the
> insecurity.
It's the Principle of Least Privilege. 'sudo' allows the sysadmin to let
specified users execute certain otherwise privileged commands, at a
fairly fine grain of control. Of course letting anyone execute anything
is like no security at all.
poc
More information about the users
mailing list