sudo, not su.

C. Scott Ananian cscott at laptop.org
Fri Dec 21 13:27:00 EST 2007


I think people misunderstand the core problem: if root does not have a
password, then *any activity on the system* can gain root privileges
by su'ing to root.  By restricting 'root login' to the olpc user via
sudo, it becomes simple to restrict the activities which can gain root
privileges, because our security system runs activities as their own
UIDs.  This is the key difference in using sudo, not whether the root
account is 'well known', etc etc.
 --scott

-- 
                         ( http://cscott.net/ )
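
Added example, not part of the original message and not OLPC code: a small audit over constructed `/etc/shadow` and sudoers text, showing which accounts can reach root when root's password field is empty versus when root is locked and only the olpc user has a sudo rule. The per-activity account names, the sudoers rule and the shadow lines are assumptions made up for the illustration, and the `su` result assumes PAM accepts a null password.

```python
# Added illustration; account names and file contents are constructed samples.
SHADOW_EMPTY_ROOT = "root::13868:0:99999:7:::\nolpc:!!:13868:0:99999:7:::\n"
SHADOW_LOCKED_ROOT = "root:!!:13868:0:99999:7:::\nolpc:!!:13868:0:99999:7:::\n"
SUDOERS = "Defaults env_reset\n# constructed rule\nolpc ALL=(ALL) NOPASSWD: ALL\n"
ACCOUNTS = ["olpc", "activity_10001", "activity_10002"]  # hypothetical per-activity users


def root_password_state(shadow_text):
    """Classify root's /etc/shadow password field as 'empty', 'locked' or 'set'."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == "root":
            if fields[1] == "":
                return "empty"      # su asks for nothing (assumes PAM allows null passwords)
            if fields[1].startswith(("!", "*")):
                return "locked"     # no password can ever match
            return "set"
    return "locked"                 # no root entry: nothing to authenticate against


def sudo_root_users(sudoers_text):
    """Users with a plain 'user HOST=(runas) cmds' rule that can run as root.
    Simplification: aliases, %group rules and include directives are ignored."""
    users = set()
    for line in sudoers_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith(("#", "%", "Defaults")) or "=" not in parts[1]:
            continue
        spec = parts[1].split("=", 1)[1].lstrip()
        runas = ["root"]            # sudo's default target when no (runas) list is given
        if spec.startswith("(") and ")" in spec:
            runas = [r.strip() for r in spec[1:spec.index(")")].split(":")[0].split(",")]
        if "root" in runas or "ALL" in runas:
            users.add(parts[0])
    return users


def paths_to_root(accounts, shadow_text, sudoers_text):
    """Map each account name to the ways it can become root."""
    su_open = root_password_state(shadow_text) == "empty"
    sudoers = sudo_root_users(sudoers_text)
    return {a: (["su"] if su_open else []) + (["sudo"] if a in sudoers else [])
            for a in accounts}


if __name__ == "__main__":
    for label, shadow in (("empty root password", SHADOW_EMPTY_ROOT),
                          ("locked root password", SHADOW_LOCKED_ROOT)):
        print(label, paths_to_root(ACCOUNTS, shadow, SUDOERS))
```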


