I'm not so sure it's exclusively for security... I think it's more like a Windows approach, so you can have an administrative user... but without having the second root password. And, by not having any root password at all, you get around having to explain to the user 'You need to have a very secure root password' - since nobody can compromise the system by logging in as root.
For an experienced linux admin, I think there's little (if any) security advantage to having a sudo-only setup. For a new user, I think it's a large advantage, since you are protecting your 'Administrator' account... which, by the way is also a user account for daily use. Speaking from my own experience, all my computers where I have root access I've set up sudo to work for my main account, and disallowed root ssh, which I think improves system security (albeit slightly) by removing that one, guaranteed username that people use to infiltrate. They can dictionary and brute force attack all they want, but if my root password is not set, they will never log in. On Thu, Nov 20, 2008 at 9:25 PM, David Wade Hagar <[EMAIL PROTECTED]>wrote: > > I would agree with you on that had I not experienced it myself. I could > never figure out the difference in the security context. > > I have experienced it in both Gnome Terminal and the TTY command prompt. > > - David Wade Hagar > http://twitter.com/titanshadow > > Sent from Palm Centro using ChatterMail via AT&T. > > -----Original Message----- > From: Bryan Smith <[EMAIL PROTECTED]> > Date: Thursday, Nov 20, 2008 1:54 pm > Subject: [lug:13633] Re: true root (was: Which Linux OS is better?) > To: [email protected] > > I think you guys have this "true root" concept wrong...your scripts might > not like the tty rather than the fact that you are running the > script from sudo. The instance of the tty is the issue not whether it was > ran from sudo. > > That's really the issue...I can't think of any other factors beyond that. > > > > > -- Daniel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
