[sf-lug] sudo "vs." su (was: GKsu has long been EOLed)

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sat Feb 16 18:17:47 PST 2019


> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: [sf-lug] GKsu has long been EOLed
> Date: Sat, 16 Feb 2019 10:53:03 -0800

> Quoting Akkana Peck (akkana at shallowsky.com):
>
>> You make an excellent point. I'd just been taking this "allowing
>> ssh as root is horribly dangerous" gospel without examining it.
>
> And, if you think about it, the way Ubuntu and similar distributions use
> sudo is pretty questionable from a security standpoint, too:  It
> conditions the user to think of root privilege as just a bureaucratic
> detail with a command prefix, and not even requiring a separate
> password.  IMO, it makes root mishaps _more_ likely, not less.

Another thing worth remembering with sudo(ers), for better and/or worse,
it does also have the option:
      rootpw            If set, sudo will prompt for the root password instead
                        of the password of the invoking user when running a
                        command or editing a file.  This flag is off by
                        default.
sudoers(5)
So ... *if* one wants to have access from user to root use/require root
password rather than that of user, that *is* an option that sudo(ers)
supports.  So, that might be quite to highly suitable where one wants
to use sudo for such access, but wants that to be limited to user(s)
that can also show they know / have access to the root password.
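
An added example, not part of the original post: a small shell check that reports whether the global `rootpw` flag quoted above is in effect in a single sudoers-format file. The function name `rootpw_state` and the sample policy are constructed for illustration. It assumes only generic `Defaults` lines matter, include directives are not followed, and quoted values contain no commas.

```shell
#!/bin/sh
# Added example: report "on" or "off" for the global rootpw flag in one
# sudoers-format file. Simplifications (assumptions of this sketch):
#   - scoped entries (Defaults:user, Defaults@host, Defaults>runas,
#     Defaults!cmnd) are ignored
#   - #include / @include directives are not followed
#   - quoted option values containing commas are not handled
rootpw_state() {
    awk '
        BEGIN { state = "off" }                  # sudoers(5): off by default
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ { next }               # whole-line comment
        line ~ /^[ \t]*Defaults[ \t]/ {
            sub(/#.*/, "", line)                 # drop trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opt, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", opt[i])
                if (opt[i] == "rootpw")  state = "on"   # last setting wins
                if (opt[i] == "!rootpw") state = "off"
            }
        }
        END { print state }
    ' "$1"
}

# Constructed sample policy (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
Defaults rootpw          # prompt for the root password, not the user's
%sudo ALL=(ALL:ALL) ALL
EOF
echo "global rootpw is $(rootpw_state "$sample")"
rm -f "$sample"
```

Any change to a real policy file should still be syntax-checked with `visudo -c` before it is relied on.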



