[GRLUG] Distro's - was GRLUG test comment
Tim Schmidt
timschmidt at gmail.com
Thu May 4 20:28:44 EDT 2006
On 5/4/06, Ron Lauzon <rlauzon at gmail.com> wrote:
> Tim Schmidt wrote:
> > And how am I supposed to know whose account to brute-force? sudoers
> > is only readable by root.
> Then the attacker only has to do extra work to force the rest.
>
> Remember that if root password is forceable, then every other one is as
> well.
Agreed. The difference is that a decent admin _should_ spot an
account being brute-forced. It would take a brain-damaged admin to
spot them all being brute-forced. Every little bit helps.
> To create a secure system, you still need a privileged user to maintain
> the system and a normal user to run regular apps under. I see no
> noticeable difference in security between that and having root enabled.
There isn't in that configuration. The difference in security is when
you have users in between those two privilege levels.
> sudo was created to let specific users run specific commands as another
> user.
Correct.
> And I'm still waiting for the response to my question:
> "So what's the difference between that and having a regular user account
> and root enabled?"
The extra privileges in between without divulging the root password.
> I am not saying "don't use sudo". I am saying that I see no real
> difference in security between having a privileged account that can run
> any command as root with the root account disabled, and having the root
> account enabled and using su.
There isn't for regular desktop machines under most circumstances.
> As a matter of fact, I see less security because, by default, the ONLY
> active account on an Ubuntu install has complete access to the system.
> So unless the installer makes a conscious decision to set up yet another
> account without sudo access, he runs a greater risk of something messing
> up his system.
So allowing every account ever created on a machine the ability to
become root is safer how?
--tim
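As an added illustration of the "privilege levels in between" that the reply above refers to, here is a sudoers fragment. It is example configuration written for this page, not text from the thread or from any distribution's shipped sudoers; the user names backupop and webadmin, the script path and the log paths are assumed. The first rule is the shape of the Ubuntu-style default the thread discusses (the installing user's group gets unrestricted root); the rules under it are the intermediate level sudo was built for: specific users, specific commands, no root password handed out.

```text
# Log every sudo invocation (successful or refused) to its own file, so
# an admin can see which accounts are being used, or tried, for
# privilege escalation.  Path is an assumption for this example.
Defaults    logfile=/var/log/sudo.log

# 1. The "everything" rule, as on a default Ubuntu install: any member
#    of the admin group may run any command as any user.  In terms of
#    what an attacker gains, this equals knowing the root password; the
#    only differences are that each member authenticates with their own
#    password and each use is logged under their own name.
%admin      ALL=(ALL) ALL

# 2. An intermediate level: a backup operator who may run exactly one
#    script as root and nothing else.  No shell, no editor, no
#    arbitrary commands.  (Hypothetical account and script path.)
backupop    ALL=(root) /usr/local/sbin/run-backup

# 3. Another intermediate level: a web admin who may restart or reload
#    the web server and read the tail of its error log.  Arguments are
#    fixed in the rule, so the entry cannot be turned into a general
#    root shell.  (Hypothetical account.)
webadmin    ALL=(root) /usr/sbin/service apache2 restart, \
                       /usr/sbin/service apache2 reload, \
                       /usr/bin/tail -n 200 /var/log/apache2/error.log
```

Edit the file only with visudo, which locks it and refuses to save a syntactically broken file, and keep it mode 0440 and root-owned (which is why, as the thread notes, an unprivileged attacker cannot read it to learn which accounts are worth brute-forcing). The one caveat a practitioner will want: never grant an interactive program such as vi, less or any interpreter in a rule like (2) or (3); their shell escapes give the user a full root shell, so the restriction only holds for non-interactive commands with fixed arguments.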
More information about the grlug mailing list