What's so secure about sudo?

אורי uri at speedy.net
Tue Jun 18 16:23:25 IDT 2019


I'm not an expert, but I found out that if I log in as a regular user, I use
sudo only when necessary. But when I log in as root (which I do) I am root
all the time. This may cause problems if by mistake I enter a command which
might cause big damage as root, but not big damage as a regular user.
Such as, for example, rm -f. So the security issue is also for me entering
as a legitimate user and accidentally writing a wrong command. Which will
probably not happen with sudo. Especially when sudo requires me to
enter my password.

Anyway, some servers I manage I am able to log in as root and some not, as
root login there is disabled. I'm not an expert in security but I think
usually my servers are not cracked/hacked as long as I keep the passwords
secure. If I log in as root and don't make mistakes such as above, I don't
see why logging in as root is less secure than sudo.

By the way, sometimes I log in as a regular user and then su. I don't
remember if this option is enabled in all my servers.
אורי
uri at speedy.net


On Tue, Jun 18, 2019 at 9:24 AM Shlomo Solomon <shlomo.solomon at gmail.com>
wrote:

> This has bothered me for years and I decided to "get it off my chest".
>
> For many years I used su to do administrative tasks, but "everyone"
> uses sudo and the claim is that it's more secure than actually logging
> in as root.
>
> In principle, of course, root login is not a good thing, but let's
> remember something I've never seen discussed. I would assume that on
> most systems the root password is MUCH more secure than that of a
> regular user. Now if I give user david sudo privileges, anyone who
> cracks david's (weak) password now has access to root privileges.
>
> And before anyone says that this is only a one-time authorization, what
> if the guy who cracked david's password now does:
>        sudo passwd root
>
> So what's so secure about using sudo?
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Claws Mail 3.16.0 - Kubuntu 18.04
>
> _______________________________________________
> Linux-il mailing list
> Linux-il at cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>