In my opinion, as SL00b said, using 'sudo su -' or 'sudo bash' does the same that su does. On top of this, if you don't want the security risks associated with allowing multiple users full sudo access, just configure PolicyKit to use sudo (as Ubuntu does) and configure the users (other than you) to have certain admin rights, such as mounting/unmounting devices, but not others, for example deleting files or installing/removing software (though you might want those users to be able to install updates). This way, your system remains secure and you can still weigh the benefits of sudo access against the risks.
|
I use su to switch to root for admin stuff and when I'm done, I return to normal user. Just old school I guess.
I also do su -c "some command" which is similar to sudo command I have nothing against sudo. As for a policy, I don't need it. I'm the only one in the family that uses linux. My family uses that proprietary OS called windows. |
su works just fine for me. I have no desire to install/use sudo.
Quote:
|
root gui login or sudo
nether .I use "su -" |
Quote:
|
I've been using Linux a long time and before that Unix. I have never understood this apparent evilness of using root. Logging in as root is not a bad thing. You will not catch the plague.
I have been doing it for years. I log in, take care of business and log out. Using sudo or su - root is only a convenience thing for me that allows me to do rooty things while logged in as me. It also allows other users to do rooty things without having access to root. That access is mine and mine alone. :) |
I mainly use su, sometimes login as root, and rarely use sudo. In your two way poll of sudo vs. login as root, I don't know where su was supposed to fit. I answered "log in as root" because I think that is where su ought to fit.
|
Have a password with Uppercase/Lowercase/Numerals/Symbols that is at least 16 digits long. Then restrict password guesses to 3 at a time with a 5 minute timeout. Lock the server in a server case, that is locked in a room, that is locked in a building. Make sure to have an IDS like Snort. Make sure to have a traffic analyzer like wireshark/tcpdump. Use a syslog server/collector like Splunk. Review your logs every day. Change passwords tri-monthly at maximum.
These simple steps should allow you to log in as root without -too much- worry of someone compromising your system using brute-force password guessing. |
su - :)
|
Quote:
|
depends on the situation, either sudo or su then do the task, so yeah, both, mostly sudo though.
|
For me, it's the option you left out: su -
Logging in as root means too much logging in and out. Sudo means having to set up the facility in the first place: why bother when I can use "su"? |
Quote:
|
I login as root when needed, but then I'm not a sys admin or IT guy and the boxes are generally throw away lab machines.
Its a balance of risk, security, ease of use. Now on my machines at home, we run as unprivileged users and I grant elevated access(sudo, runas) when needed. I guess you can say that in that case I am working as IT/sysadmin, so lock things down more. Also, the assets on my home machine are more valuable and possibly even at a greater risk that the assets I manage at work. |
Quote:
And also, anytime that root logs in, sendmail should send out a page to you saying "Someone has just su'd or logged in as root on xxx.xxx.xxx.xxx" |
All times are GMT -5. The time now is 06:49 PM. |