Michael A. Peters wrote:
> Sander Snel wrote:
>
>> 10. use sudo instead of su -
>
> How does that help?

I still don't understand how using sudo instead of su makes it more secure. If the user does not have the root password then the only danger to su - is brute force from a local account, but you can protect against that, and the same issue exists with sudo. With sudo, very often the password is the same as the admin's password - so if the admin account is brute forced the cracker then can use sudo to gain root.

What would be a security enhancement would be to borrow the BSD su which only allows you to su to root from a wheel group account. I never understood why GNU su didn't implement that.