suvayu ali <fatkasuvayu+linux@xxxxxxxxx> wrote:
>Sent: Oct 18, 2010 12:30 PM
>To: James Mckenzie <jjmckenzie51@xxxxxxxxxxxxx>, Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: su or sudo su?
>
>Hi James and Patrick,
>
>On 18 October 2010 09:40, James Mckenzie <jjmckenzie51@xxxxxxxxxxxxx> wrote:
>> Suvayu Ali <fatkasuvayu+linux@xxxxxxxxx> wrote:
>>>I am not sure how it is insecure, could you elaborate? At least to me
>>>giving (limited/full) root privileges to an ordinary user seems a lot
>>>more risky.
>>
>> Which is what you are doing with the file below.
>>>
>>>The way I understand it if I have the following in my /etc/sudoers
>>>file,
>>>
>>>%<user_group> ALL=(ALL) ALL
>>>
>> Wow. I would love to be a user on your system. If you understand what sudo does, this would be VERY different. Not to
>>say I would do anything destructive, but access to critical files is exposed to all users, including the default ones and
>>this is a very big security problem. Of course, I expect that you have taken steps to secure your system by changing all
>>default passwords, assigning strong passwords to all users and using /bin/false for all users that are not supposed to
>>log into your system.
>>
>
>Okay I see now where I misunderstood you. My system is my desktop, and
>I'm the only user. I was thinking of privileges in the context of the
>command being executed whereas you were speaking about privileges in
>the context of access to all commands.
>
Yes, you have to think like the enemy (crackers) to get around what they may or may not try to do. If your system is connected to the Internet, you are always subject to attack, even if you don't think you are a 'big fish'. So you have to lock down to the least privilege and leave it at that.
Strong password (15+, 2 upper case, 2 numbers, 2 symbols, squirrel noises optional (I just had to throw that one in there)) all accounts and disable those not in use (do not remove them as they are there to serve a purpose unless you KNOW they are not going to be used.) sudo is a well-known 'hole' in most systems and crackers will break a weak-password protected account and then sudo to root to wreak havoc and destruction, plant rootkits and all other sorts of nastiness.

So which should I use? sudo or su - Depends on what you want to do and the level of security you can live with. The difference between the two was explained a long time ago.

James McKenzie
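
The blanket rule quoted in the thread (`%<user_group> ALL=(ALL) ALL`) can be found mechanically. The following is an added example, not part of the original e-mails: a small Python audit that flags sudoers rules letting a non-root user or group run every command. The sample file, its user and group names, and the simplified grammar (no aliases, include files or escaped commas) are assumptions made for illustration.

```python
import re

# Constructed sample sudoers text (not taken from any real system).
SAMPLE = """Defaults    env_reset
root        ALL=(ALL) ALL
%users      ALL=(ALL) ALL
%staff      ALL=(ALL:ALL) NOPASSWD: ALL   # constructed entry
backup      ALL=(root) /usr/bin/rsync, \\
            /usr/bin/tar
%webadmins  ALL=(root) /usr/bin/systemctl restart httpd
"""

# Lines that are settings or alias definitions, not user specifications.
SKIP = re.compile(r"^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)\b")
# who  hosts = (runas) commands   (simplified: one spec per line)
SPEC = re.compile(r"^(?P<who>\S+)\s+[^=]+?=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # leading tags such as NOPASSWD:

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for raw in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            yield line

def audit(text):
    """Return (who, nopasswd) for each non-root rule that allows every command."""
    findings = []
    for line in logical_lines(text):
        m = None if SKIP.match(line) else SPEC.match(line)
        if not m or m["who"] == "root":
            continue
        cmds = [TAGS.sub("", c.strip()) for c in m["cmds"].split(",")]
        if "ALL" in cmds:
            findings.append((m["who"], "NOPASSWD:" in m["cmds"]))
    return findings

if __name__ == "__main__":
    for who, nopasswd in audit(SAMPLE):
        kind = "group" if who.startswith("%") else "user"
        note = " without a password prompt" if nopasswd else ""
        print(f"{kind} {who}: may run any command via sudo{note}")
```

On a real host, `sudo -l -U <user>` shows the effective rules for one account, including anything pulled in from include files that this sketch does not follow.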