Re: server is always getting hacked

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Michael A. Peters wrote:
> Sander Snel wrote:
> 
>> 10. use sudo instead of su -
> 
> How does that help?

I still don't understand how using sudo instead of su makes it more secure.

If the user does not have the root password that the only danger to su - 
is brute force from local account, but you can protect against that, and 
the same issue exists with sudo.

With sudo, very often the password is same as the admin's password - so 
if the admin account is brute forced the cracker then can use sudo to 
gain root.

What would be a security enhancement would be to borrow the bsd su which 
only allows you to su to root from a wheel group account.

I never understood why gnu su didn't implement that.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux