One user, two passwords?
Scott Kitterman
kubuntu at kitterman.com
Wed Sep 6 15:46:00 UTC 2006
On Wed, 06 Sep 2006 10:27:36 -0300 Derek Broughton <news at pointerstop.ca>
wrote:
>Scott Kitterman wrote:
>
>> Sorry. I can't let this pass....
>>
>> All the ways sudo may be more secure start out with a user doing
>> something dumb. More resistant to users forgetting to exit the root
>> account, but how is one password away from root access more secure than
>> two passwords away from root access?
>
>In a word, logging. There is no way to make any system that requires only
>password access to the superuser harder to access than by giving it _some_
>password. However, logging the access _is_ additional security.
>
>su is not "two passwords away from root access". From inside your user
>account, su or sudo are both exactly one password away.
Yes, from inside a user account. The difference being with sudo they
already have that password and with su they don't (as long as one doesn't
pick the same password for user and root).

With the standard Ubuntu server setup and SSH added in, a dictionary
attacker needs to guess one password. With a root account and no root
login set for SSH, then it's two.

For a desktop, sudo is probably better (I use it there), but for an
internet exposed server managed by a competent admin it's not.

Scott K