![]() ![]() This is why it's not the default configuration for sudo. With sudo's default configuration, you only have to change the sudoers file and/or remove the user from the sudo group. It is also harder to revoke root access from just one person - you have to change the root password and let everyone know what the new password is. Once someone has the root password, they can either login as root or use it with su. Having the root password is potentially far more dangerous than just being allowed to run certain commands as root. You don't have to give out the root password. Sudo makes it easy to allow users to run some, but not all, commands as root, and Some would consider this a security risk because it undermines two of the main purposes of using sudo rather than su, which are: Having said that I was unaware of the power of sudoers, some users mentioned that you could specify which commands can be run with sudo (while leaving out some commands restricted to the root user only). Hence my reasoning to have it ask you for the root password. One could run any root command by simply typing their user password, which I thought defeated the purpose of root to begin with. My experience with sudo was on systems where sudo was simply a "synonym" for su. I do think that this may not apply to multi-user systems. Does the rationale make more sense in this context? I am running a personal Linux Machine, where I am the only user. However, could this be considered a security risk?Īnd if is not, why isn't this the default configuration in most distros? Mainly because I believe it makes sense that if you want to execute a root command, you should know the root password. I've set up my sudoers so that it asks the root password instead of the user password everytime I use sudo. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |