The Wanderer (2018-08-07): > I don't consider that a significant downside;
Maybe your uses are too limited for you to experience it. > in some contexts, it may > even be an advantage. No, it may not. With sudo, adding "sh -c" allows to emulate su's behaviour. On the other hand, su cannot emulate sudo's behaviour at all. > An inclination in the direction of doing that would be a mark against > that user being considered sufficiently trustworthy to have the elevated > access to begin with. I was referring to the real world, not wishful thinking. > > Anyone who learns the user's password can obtain the second password > > pretty easily. > How so? Just insert a fake su in their path. There are more subtle ways. > There's a point there, but I do consider the rest of the system (beyond > just the user's account) to be something worth securing, even on a > single-user system. Maybe. But it does not need to be *more* secure than the user's account. Regards, -- Nicolas George
signature.asc
Description: Digital signature
