[GRLUG] Distro's - was GRLUG test comment
Tim Schmidt
timschmidt at gmail.com
Thu May 4 19:38:05 EDT 2006
On 5/4/06, Ron Lauzon <rlauzon at gmail.com> wrote:
> Not true, since you can brute force the first user's password too.
And how am I supposed to know whose account to brute-force?  sudoers
is only readable by root.
It makes a big difference, especially when considering the logging
that sudo does, and automatically disallowing remote logins as root
(simply because the account's disabled).
I never said sudo was massively more secure. Just slightly.
> Yup. Security is never easy. But that's beside the point because this
> is a security procedure issue, not an Ubuntu issue.
Passing around root passwords because it's impossible to let a user
run just one application with elevated privileges without sudo or
something like it is not beside the point.
> > That said, you can simply add your mother to the sudoers file with
> > rights to run synaptic and nothing else.
> >
> In which case, you have a "privileged" user account and a "regular" user
> account and no root user account.
>
> So what's the difference between that and having a regular user account
> and root?
Ok... here's the drawing...
==you==
Root - no restrictions
User - many restrictions
==sudo==
Root - completely disabled
Admin - Regular user, ability to escalate privileges to do special stuff
User1 - Regular user, ability to run widgetfrobber with escalated
permissions because she needs it for her job, restricted otherwise
User2 - Regular user, many restrictions
--tim
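
The layout in the "==sudo==" drawing above, written as a sudoers drop-in. This is an added example, not part of the original message; the user names alice and carol, the file name /etc/sudoers.d/grlug-example and the path /usr/local/bin/widgetfrobber are assumptions.

```sudoers
# /etc/sudoers.d/grlug-example   (hypothetical file name)
# Must be owned by root with mode 0440, so ordinary users cannot read
# which accounts hold which rights.

# Record every sudo invocation in a dedicated log file.
Defaults logfile="/var/log/sudo.log"
# Run commands in a pseudo-terminal so a background process cannot
# keep using the invoking user's terminal.
Defaults use_pty

# Root: the account's password is locked outside this file
# (passwd -l root); sudoers itself has no setting for that.

# Admin: regular user who may escalate to run anything, authenticating
# with her own password. (alice is an assumed user name.)
alice   ALL=(ALL) ALL

# User1: may run exactly one program as root and nothing else.
# Full path, no wildcards. The trailing "" forbids any arguments;
# without it, any arguments would be accepted.
# (carol and the widgetfrobber path are assumed.)
Cmnd_Alias FROBBER = /usr/local/bin/widgetfrobber ""
carol   ALL=(root) FROBBER

# User2: no entry. sudo refuses the request and logs the attempt.

# Caveat: a single-command rule is only as tight as the program it
# names. The binary must be root-owned and not writable by the user,
# and a program that can spawn a shell or write arbitrary files as
# root gives back full root access.
```

Syntax can be checked before the file takes effect with `visudo -cf /etc/sudoers.d/grlug-example`.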