Michael A. Peters wrote:
Sander Snel wrote:
- use sudo instead of su -
How does that help?
I still don't understand how using sudo instead of su makes it more secure.
If the user does not have the root password, then the only danger to su - is brute force from a local account, but you can protect against that, and the same issue exists with sudo.
With sudo, very often the password is the same as the admin's password - so if the admin account is brute forced, the cracker can then use sudo to gain root.
What would be a security enhancement would be to borrow the BSD su, which only allows you to su to root from a wheel group account.
I never understood why GNU su didn't implement that.