Re: su or sudo su?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  On 10/18/10 12:01 PM, Suvayu Ali wrote:
> On Monday 18 October 2010 09:15 AM, James Mckenzie wrote:
>> su - exposes the root password and is generally discouraged.  sudo
>> does not but exposes which users have this privilege.  Logins
>> through unsecured means should be disabled or very closely
>> controlled.  Most SAs now disable or remove unsecure login processes
>> at build time.
>>
> I am not sure how it is insecure, could you elaborate? At least to me
> giving (limited/full) root privileges to an ordinary user seems a lot
> more risky.
>
> The way I understand it if I have the following in my /etc/sudoers
> file,
>
> %<user_group>   ALL=(ALL)       ALL
>
> then there is no difference (other than the logging) between how the
> command is executed as compared to,
>
> $ su -
> Password:
> #<command>
>
> If my understanding is correct, I fail to see the source of the
> insecurity.
It's the Principle of Least Privilege. 'sudo' allows the sysadmin to let 
specified users execute certain otherwise privileged commands, at a 
fairly fine grain of control. Of course letting anyone execute anything 
is like no security at all.

poc
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux