One user, two passwords?

Derek Broughton news at pointerstop.ca
Wed Sep 6 17:03:56 UTC 2006


Scott Kitterman wrote:

> On Wed, 06 Sep 2006 10:27:36 -0300 Derek Broughton <news at pointerstop.ca>
> wrote:
>>
>>su is not "two passwords away from root access".  From inside your user
>>account, su or sudo are both exactly one password away.
> 
> Yes, from inside a user account.  The difference being with sudo they
> already have that password and with su they don't (as long as one doesn't
> pick the same password for user and root).

That's misleading.  If you're talking about an _outsider_ getting access to
your system, you should first of all be relying on better security than
just a password.  Nobody can use a dictionary attack to get to my system by
ssh.  For an insider, you're giving them intentional access to superuser
applications - you either do it by giving them the root password, or by
giving the user sudo access to those apps.  In either case, what password
they use is the least of the security issues.

> For a desktop, sudo is probably better (I use it there), but for an
> internet exposed server managed by a competent admin it's not.

If you don't use it, you've got no logging of who's doing what as root, or
any way to restrict them to a subset of the possible commands.

Which makes me think that this might be a way to use a single uid with
different usernames - I'm not sure whether sudo uses usernames or uids to
validate access.
-- 
derek
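An added example, not from the thread, to make the two sudo points above concrete: a sudoers fragment that confines a user to a named subset of commands, and a small parser over the audit lines sudo writes to syslog (authpriv, which Ubuntu collects in /var/log/auth.log) recording who ran what as which user. The user `alice`, the host `web1`, the command alias and the log lines are all constructed for the example. On the username-versus-uid question, a sudoers user spec is matched by name, or by numeric uid when written as `#uid`, and the log line carries the invoking username.

```shell
#!/bin/sh
# Added example (not code from the mailing-list thread).
# Part 1: a sudoers fragment restricting an assumed user 'alice' on an
# assumed host 'web1' to a named subset of commands. In real use this would
# be installed with visudo (e.g. visudo -f /etc/sudoers.d/webadmins) so
# that syntax errors cannot lock you out.
SUDOERS_FRAGMENT='Cmnd_Alias WEB_SERVICE = /usr/sbin/service apache2 *, /usr/bin/tail /var/log/apache2/*
# user  host = (run-as) commands   -- a user can also be given as #uid
alice   web1 = (root) WEB_SERVICE
'

# Part 2: constructed sample lines in the format sudo sends to syslog.
# The second line is what a request outside the permitted set looks like.
SAMPLE_LOG='Sep  6 17:03:56 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service apache2 reload
Sep  6 17:04:10 web1 sudo:    alice : command not allowed ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Sep  6 17:05:02 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update'

# sudo_audit LOGTEXT
# Emits one "user<TAB>OK|DENIED<TAB>command" record per sudo log line, which
# is the "who did what as root" record that a plain su login never gives you.
sudo_audit() {
    printf '%s\n' "$1" | awk '
        / sudo: / {
            # drop everything up to and including "sudo:"; the invoking
            # username is then the first field
            sub(/.* sudo: +/, "")
            user = $1
            status = ($0 ~ /command not allowed/) ? "DENIED" : "OK"
            cmd = $0
            sub(/.*COMMAND=/, "", cmd)
            printf "%s\t%s\t%s\n", user, status, cmd
        }'
}

# sudo_denied LOGTEXT
# Lists only the refused requests, the lines worth alerting on.
sudo_denied() {
    sudo_audit "$1" | awk -F '\t' '$2 == "DENIED"'
}

# Stand-alone run: show the fragment and the audit summary.
printf '%s\n' "$SUDOERS_FRAGMENT"
sudo_audit "$SAMPLE_LOG"
```

Run on a live system, replace `SAMPLE_LOG` with `$(grep ' sudo: ' /var/log/auth.log)`; the parser only depends on the `user : ... ; COMMAND=` layout that sudo has used for years.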
