[plug] sudo

[Dean Holland]

Alex Nordstrom wrote:
> 
> Although, supposing the attack vector is SSH, any sensible configuration 
> should prohibit root logins, which means an attacker would have to 
> figure out (1) an SSH-allowed user (2) the user's password and
> (3) root's password. In this respect, sudo is less secure, as it omits 
> the third requirement.

Assuming you configure sudo to allow unrestricted access to all 
privileged commands.

sudo is useful if you want to give a user/group access to certain 
privileged commands without setting the suid bit on that command (which 
would give everyone privileged access).

It's also useful if you are using it in a true multi-user environment - 
if multiple people have root access and one does something malicious it 
makes it tricky to track down who did it if more than one person is 
logged in at once as root. With sudo it logs to /var/log/secure.log so 
you can smite whoever abuses it, though it is moot if the sudo user has 
access to stop/kill syslogd :)

Dean


> ------------------------------------------------------------------------
> 
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au