Using /etc/sudoers and /etc/sudoers.d, it is possible to limit the operations that an user can do as a superuser.
It is even possible to configure some operations as ones not requiring him to enter his password. See 'man 5 sudoers'. On Tue, 2019-06-18 at 09:23 +0300, Shlomo Solomon wrote: > This has bothered me for years and I decided to "get it off my > chest". > > For many years I used su to do administrative tasks, but "everyone" > uses sudo and the claim is that it's more secure than actually > logging > in as root. > > In principal, of course, root login is not a good thing, but let's > remember something I've never seen discussed. I would assume that on > most systems the root password is MUCH more secure than that of a > regular user. Now if I give user david sudo privileges, anyone who > cracks david's (weak) password now has access to root privileges. > > And before anyone says that this is only a one-time authorization, > what > if the guy who cracked david's password now does: > sudo passwd root > > So what's so secure about using sudo? -- "Prior to capitalism, the way people amassed great wealth was by looting, plundering and enslaving their fellow man. Capitalism made it possible to become wealthy by serving your fellow man." - Walter E. Williams My own blog is at https://tddpirate.zak.co.il/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at https://www.zak.co.il/spamwarning.html _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
