[sudo-users] How does sudo improve security.

David Thiel lx at redundancy.redundancy.org
Sat Apr 9 19:23:47 EDT 2005


On Sun, Apr 10, 2005 at 09:16:28AM +1000, mlh at zipworld.com.au wrote:
> Yeah, I think that would not be a bad idea.  But definitely not
> the root password.

Agreed, that's not necessarily ideal. Perhaps an option to say 
"use the password of X account", a kind of dummy account that 
has a shell of /bin/false.

> But how much does it slow the cracker down?
> 
> If the account is compromised, the cracker can install a trojan
> in ~/bin and thence discover both passwords.

Yes, but it depends whether that user frequently uses root access. If it
only happens once a month or so, that's a whole month you'd have during
which the admin or the user could have the opportunity to detect someone
logging in unauthorized - even if it's as simple as the user noticing
"wait, I didn't actually last log in on X date...". It's certainly not
an amazing amount of security, but it's free.




More information about the sudo-users mailing list