On 10/18/10 12:01 PM, Suvayu Ali wrote: > On Monday 18 October 2010 09:15 AM, James Mckenzie wrote: >> su - exposes the root password and is generally discouraged. sudo >> does not but exposes which users have this privilege. Logins >> through unsecured means should be disabled or very closely >> controlled. Most SAs now disable or remove unsecure login processes >> at build time. >> > I am not sure how it is insecure, could you elaborate? At least to me > giving (limited/full) root privileges to an ordinary user seems a lot > more risky. > > The way I understand it if I have the following in my /etc/sudoers > file, > > %<user_group> ALL=(ALL) ALL > > then there is no difference (other than the logging) between how the > command is executed as compared to, > > $ su - > Password: > #<command> > > If my understanding is correct, I fail to see the source of the > insecurity. It's the Principle of Least Privilege. 'sudo' allows the sysadmin to let specified users execute certain otherwise privileged commands, at a fairly fine grain of control. Of course letting anyone execute anything is like no security at all. poc -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
