[CentOS] server is always getting hacked

Wed Jul 1 14:18:08 UTC 2009
Stuart Jansen <sjansen at gurulabs.com>

On Wed, 2009-07-01 at 01:20 -0700, Michael A. Peters wrote:
> I still don't understand how using sudo instead of su makes it more secure.

As implemented by Ubuntu and others, sudo does nothing to make things
more secure. In fact, as you pointed out, it can be less secure.

However, sudo has the capability to grant fine grained access. For
example, one could configure sudo so that operators are able to launch
backups as root but not start a shell or edit the web server config
files. This capability is what earned sudo its reputation for being more
secure. Sadly too many people chant "sudo is more secure" without
understanding the conditions necessary to make that statement true.

John R. Dennison has already pointed out that it is trivial to configure
su on CentOS to require wheel.