sudo functionality and security
Derek Broughton
news at pointerstop.ca
Tue Jun 5 14:55:10 UTC 2007
Greg Booth wrote:
> Hi all.I was wondering if anyone had any specific reason we should use
> sudo instead of actually switching to root.Does not removing all files
> starting at / work the same doing it as root or using sudo ?
Of course it does.
> What's the
> reasoning behind putting a layer between the user and root ?
This comes up tiresomely often.
Sudo gives you accountability (there's a log of every use), and it gives
you granularity (I can give a sudo user access to any specific command - or
even, iirc, some commands at certain times of day). You don't have to give
_everybody_ who must execute some root command the root password.
On a single user system, those make no difference - but there's simply no
reason to bother setting a root password. It gives hackers a point of
entry (with the default setup, a hacker must find both a valid username
_and_ a password, with "root", he already has the username) and it's no
easier to use "su" at a command line than "sudo su" or "sudo -i".
--
derek
More information about the kubuntu-users
mailing list