On Apr 29, 2008, at 11:25, Andreas Förster wrote:

Why working with sudo is safer than working as root is not clear to me. After all, the danger is not in root but in the uneducated user. If you're paranoid, you can keep using sudo until you get stuck and then switch to root.

There are two reasons why it is safer to use sudo and not have a root account:

1) A root account increases the risk of attacks from the outside. Since the name of the account is known to everybody ("root"), an attacker need only guess or steal the password. On a system maintained through sudo, an attacker needs to guess/steal a) the name of an administrator account with sufficient privileges and b) the associated password.

2) With sudo, the precise rights for everyone can be defined in /etc/sudoers. On a well-configured machine (which is of course a theoretical ideal), no account would accumulate all the rights of the root account. This would both reduce the risk of mistakes and the risk of attacks from the outside.

On a machine without a root account, "sudo -s" will run a shell with the user's sudo privileges, which should (at least on the perfectly configured machine) be a good replacement for doing work normally done under a root account.

Konrad.
--
---------------------------------------------------------------------
Konrad Hinsen
Centre de Biophysique Moléculaire, CNRS Orléans
Synchrotron Soleil - Division Expériences
Saint Aubin - BP 48
91192 Gif sur Yvette Cedex, France
Tel. +33-1 69 35 97 15
E-Mail: [EMAIL PROTECTED]
Web: http://dirac.cnrs-orleans.fr/~hinsen/
---------------------------------------------------------------------
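
Added example, not part of the original message: a small Python audit that reads sudoers-style text and lists the users and groups whose rule still grants the bare command `ALL`, i.e. the accounts that do accumulate all the rights of root. The sample policy, the account names and the function names are constructed for illustration, and the parser handles only a simplified subset of the sudoers grammar (aliases are not expanded, included files are not followed).

```python
import re

# Constructed sample policy (not from the original message).
SAMPLE_SUDOERS = r"""
# constructed example
Defaults    env_reset
Cmnd_Alias  BACKUP = /usr/bin/rsync, /bin/tar
root        ALL=(ALL) ALL
%admin      ALL=(ALL:ALL) NOPASSWD: ALL
alice       ALL=(root) BACKUP
bob         ALL=(root) /usr/sbin/service apache2 restart, \
                       /usr/bin/tail /var/log/apache2/error.log
carol       ALL = ALL, !/bin/su
"""

# user-or-group, host list, optional (runas) spec, then the command list
RULE = re.compile(r"^(\S+)\s+[^=]+=\s*(?:\([^)]*\)\s*)?(.*)$")
SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
TAGS = re.compile(r"^\s*(?:[A-Z_]+:\s*)*")  # e.g. "NOPASSWD: NOEXEC: "


def logical_lines(text):
    """Join backslash continuations; drop blank lines, comments, includes."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        # "#" also covers "#include"/"#includedir"; "@include" is the newer form
        if line and not line.startswith(("#", "@include")):
            yield line


def unrestricted_principals(text):
    """Return users/groups whose rule grants the bare command 'ALL'."""
    found = []
    for line in logical_lines(text):
        if SKIP.match(line):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, cmds = m.group(1), m.group(2)
        # "ALL, !/bin/su" is still flagged: per the sudoers manual,
        # subtracting commands from ALL with "!" is not an effective limit.
        if any(TAGS.sub("", c).strip() == "ALL" for c in cmds.split(",")):
            found.append(who)
    return found


if __name__ == "__main__":
    print(unrestricted_principals(SAMPLE_SUDOERS))
```

On the sample, `alice` and `bob` are limited to named commands and are not reported; any account that is reported is one for which `sudo -s` yields a full root shell.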
