On Mon, Mar 15, 2004 at 02:52:49PM -0800, Bill Moseley wrote:
> Currently, my account where I spend most of my time is a normal account
> and the only way to do root stuff is to su to root. If I use sudo (to
> try and provide most admin functions) then I would worry because my
> normal account then has more privileges than I'd want. Then someone only
> needs to gain access to my account instead of root. Can't ssh to root,
> but can ssh to my account, etc.

But your setup has more or less the same properties: someone only has to
gain access to your account, wait until you next type 'su', and then
sniff your password. Easy.

sudo with NOPASSWD makes it pretty blatantly equivalent, sure, but I
would consider any account that regularly escalates to root to be
security-equivalent to root.

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]