1 |
On 9 Feb 2009, at 13:05, Heiko Wundram wrote: |
2 |
> ... even when he gets access to one of |
3 |
> your user accounts (who happen to be in group wheel), he still has |
4 |
> to guess |
5 |
> the root password (when doing su -) to be able to become root, and |
6 |
> hopefully |
7 |
> this buys you the time to see in your logs that someone tried local |
8 |
> "su" with |
9 |
> invalid passwords, which should always be a high priority alert. |
10 |
|
11 |
I have been using `sudo` over `su` for a long time because I felt it |
12 |
reduces the risk of staying too long logged in as root, doing |
13 |
something daft and damaging the system. |
14 |
|
15 |
However I have now many times found myself typing `sudo` commands |
16 |
automatically & sometimes inattentively, so that would seem to |
17 |
undermine that argument. |
18 |
|
19 |
Your point is very persuasive. I guess my remaining objection is that |
20 |
I have my .bashrc & .bash_profile just the way I like them, and using |
21 |
root would seem to require me to make any changes in two places. |
22 |
|
23 |
Stroller. |