I'm not an expert, but I found out that if I log in as a regular user, I use sudo only when necessary. But when I log in as root (which I do) I am root all the time. This may cause problems if by mistake I enter a command which might cause big damage as root, but not big damage as a regular user. Such as, for example, rm -f. So the security issue is also for me entering as a legitimate user and accidentally writing a wrong command. Which will probably not happen with sudo. Especially when sudo requires me to enter my password.
Anyway, on some servers I manage I am able to log in as root and on some not, as root login there is disabled. I'm not an expert in security but I think usually my servers are not cracked/hacked as long as I keep the passwords secure. If I log in as root and don't make mistakes such as above, I don't see why logging in as root is less secure than sudo. By the way, sometimes I log in as a regular user and then su. I don't remember if this option is enabled on all my servers.

אורי
u...@speedy.net

On Tue, Jun 18, 2019 at 9:24 AM Shlomo Solomon <shlomo.solo...@gmail.com> wrote:

> This has bothered me for years and I decided to "get it off my chest".
>
> For many years I used su to do administrative tasks, but "everyone"
> uses sudo and the claim is that it's more secure than actually logging
> in as root.
>
> In principle, of course, root login is not a good thing, but let's
> remember something I've never seen discussed. I would assume that on
> most systems the root password is MUCH more secure than that of a
> regular user. Now if I give user david sudo privileges, anyone who
> cracks david's (weak) password now has access to root privileges.
>
> And before anyone says that this is only a one-time authorization, what
> if the guy who cracked david's password now does:
> sudo passwd root
>
> So what's so secure about using sudo?
>
> --
> Shlomo Solomon
> http://the-solomons.net
> Claws Mail 3.16.0 - Kubuntu 18.04
>
> _______________________________________________
> Linux-il mailing list
> Linux-il@cs.huji.ac.il
> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il