LinuxQuestions.org

"su -" vs direct root login (https://www.linuxquestions.org/questions/linux-general-1/su-vs-direct-root-login-807541/)

forrestt 05-18-2010 11:57 AM

I have NO idea how allowing any user to su is any different from a security perspective than allowing root to log in at all. With su, you still have to provide the root password. This is the only missing piece of info in order to log in as root since as a user they can already find out the login name of user 0 (since any user can read /etc/passwd).

By default, sudo does NOT allow all users to become root. They have to be given that right. This can be done by putting them in a specific group (like 'wheel' in your example) and adding that group to sudoers, or by putting the user into sudoers explicitly. This is true if you run sudo on FreeBSD, Linux, Solaris, or any other platform.

Now, to the question of why you don't want to use the GUI as root. This is basically due to the security rule of "least privilege". If you run your GUI as root, you are running EVERYTHING you do with the highest possible privilege on your system. This isn't just the expected features of the software you run, but also the unintended features. You are running every bug on your system with total privilege to do maximum damage. If you run as a normal user, and only sudo those things that REQUIRE total privilege, you are only running the bugs that are in those particular programs with total privilege, and everything else with limited privilege.

HTH

Forrest
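
The two ways of granting sudo rights described in the post above (a group such as 'wheel' listed in sudoers, or an explicit user entry) can be audited with a short script. This is an added example, not part of the original thread: the function names and sample accounts are constructed, and the parser is simplified to skip aliases, Defaults, include files and netgroups.

```shell
#!/bin/sh
# Added example: list accounts that a sudoers file grants rights to,
# either by name or through a %group entry. Simplified: it does not
# evaluate which commands each rule permits.

sudo_capable_users() {  # args: sudoers-file group-file passwd-file
    awk -F: '
        FILENAME == ARGV[1] {            # group file: name:x:gid:members
            gid_of[$1] = $3; members[$1] = $4; next
        }
        FILENAME == ARGV[2] {            # passwd file: name:x:uid:gid:...
            primary[$1] = $4; next
        }
        {                                # sudoers file
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/ || line ~ /^Defaults/) next
            if (line ~ /^(User|Runas|Host|Cmnd)_Alias/) next
            split(line, f, /[ \t]+/)
            who = f[1]
            if (who ~ /^%/) {            # group grant, e.g. %wheel
                g = substr(who, 2)
                n = split(members[g], m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
                for (u in primary)       # users whose primary group is g
                    if (g in gid_of && primary[u] == gid_of[g]) print u
            } else {
                print who                # explicit per-user grant
            }
        }
    ' "$2" "$3" "$1" | sort -u
}

demo() {  # constructed sample data, not taken from a real host
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob' 'users:x:100:' > "$d/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:100::/home/alice:/bin/sh' \
        'bob:x:1001:100::/home/bob:/bin/sh' 'carol:x:1002:10::/home/carol:/bin/sh' \
        'dave:x:1003:100::/home/dave:/bin/sh' 'erin:x:1004:100::/home/erin:/bin/sh' > "$d/passwd"
    printf '%s\n' '# constructed sudoers' 'Defaults env_reset' 'root ALL=(ALL) ALL' \
        '%wheel ALL=(ALL) ALL' 'dave ALL=(ALL) ALL' > "$d/sudoers"
    sudo_capable_users "$d/sudoers" "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo
```

In the sample, carol appears only because her primary group is wheel, which a check of the group file's member list alone would miss.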

Linux_Kidd 05-18-2010 09:20 PM

I think this issue also changes when you run SELinux, because under SELinux even root is "restricted"...


All times are GMT -5.