On Fri, May 22, 2009 at 09:45:05PM +0000, Glyn Astill wrote: > > 'ALL=(ALL) ALL' is no more dangerous than having the 'su' binary > > available. > > > > The NOPASSWD option is not the default. > > No. For su they'd have to enter the root password, for sudo su they'd > just have to enter the password of the current user and they are root.
And what I'm saying is that in the most likely attack scenario for this type of user--remote exploit of an essentially single-user system through an application running under a regular account, such as a web browser or a word processor--it isn't magically harder for an attacker to obtain the root password than it would be to obtain the regular user's password. Both would typically have to be obtained through the same process. If you're worried about brute-force attacks on a user's password, that's one thing. But most basic desktop systems, such as the one the OP was describing, are not running SSH or other remote-login services. With the type of attack vector this type of user should be concerned about, two passwords does not equal twice the security. -- Mark Shroyer http://markshroyer.com/contact/ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
