On 15/08/13 01:30, François Patte wrote: > I think that sudo system is less secure than the old system "root account". > > 1) Anybody with sudo root permission (as it is the case for the first > person using sudo after an installation) can do "sudo bash" and he can > run as many commands as he wants as root.
Not necessarily true. You can set up users with permission to run specific commands, and decide whether or not they will need to enter their password. > 2) John Doe's password on the system may be cracked more easily than > root's password because John Doe will certainly make internet > connections and during such a connection his password can be > intercepted; root on a machine has no reason to connect as root to a > remote system. So anyone catching John doe password can logon as root > on a system and compromise it. By internet connections, you mean ssh? If you use ssh keys, none of that can be intercepted. Even if you use a password with ssh, your password is not transmitted in the clear. If you're using that password for things like website logins, that's another issue that needs addressing. By using su, with root's password, that means everyone who has root has full root and knows the same password, so that will have to be changed if they are to be blocked, which means communicating the new password to all the required users. I don't like having any password shared between multiple people. The only reason for having a root password is for emergency logins on the console, when everything else is broken. For that, the root password is on paper, locked in a safe. Sudo is much simpler/better for general use IMHO. Richard -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/520c38c2.70...@walnut.gen.nz
