[sudo-users] How does sudo improve security.
David Thiel
lx at redundancy.redundancy.org
Sat Apr 9 19:23:47 EDT 2005

On Sun, Apr 10, 2005 at 09:16:28AM +1000, mlh at zipworld.com.au wrote:

> Yeah, I think that would not be a bad idea. But definitely not
> the root password.

Agreed, that's not necessarily ideal. Perhaps an option to say
"use the password of X account", a kind of dummy account that
has a shell of /bin/false.

> But how much does it slow the cracker down?
>
> If the account is compromised, the cracker can install a trojan
> in ~/bin and thence discover both passwords.

Yes, but it depends whether that user frequently uses root access. If it
only happens once a month or so, that's a whole month you'd have during
which the admin or the user could have the opportunity to detect someone
logging in unauthorized - even if it's as simple as the user noticing
"wait, I didn't actually last log in on X date...". It's certainly not
an amazing amount of security, but it's free.