sudo vs su

I've heard arguments that the sudo (super user do) command is more secure than the su (switch user) command. However, the moment sudo is used to grant full administrator (i.e. user ID 0, or root user) privileges, while prompting for a user password (or worse, no password, such as through pam_wheel), it is less secure. When the user account is compromised, potentially so is root's: a user account is not guarded as carefully as root's is. The benefit of logging is irrelevant with sudo -i: auditing should be used to monitor root's activity.

macOS and Ubuntu default to the sudo command for administration (instead of the su command). However, the benefit of sudo is providing a subset of root/administrative privileges to a user. Disabling the root account entirely does have some benefit in the macOS and Ubuntu implementation, but it is trading one security vulnerability for another.

Default Red Hat and SUSE behaviour is sane. By default, SUSE prompts for the root password when running sudo. Red Hat doesn't add users to /etc/sudoers by default. Configuration is left to the root administrator.
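
The distinction drawn above (full root behind a user password or no password, versus full root behind the root password, versus a subset of commands) can be checked mechanically. The following is an added example, not part of the original article: the sudoers samples are constructed, the account names alice and bob are hypothetical, and the parser handles only a simplified subset of the sudoers grammar.

```python
import re

# Constructed sudoers samples for illustration (not copied from a real host).
UBUNTU_STYLE = """\
Defaults env_reset
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) /usr/bin/systemctl restart nginx
"""
SUSE_STYLE = """\
Defaults targetpw
ALL     ALL=(ALL) ALL
"""

# who  host = (runas) tags-and-commands ; simplified user-spec grammar (assumption)
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
ROOT_PW = re.compile(r"(?<![!\w])(targetpw|rootpw)\b")   # ignores negated "!targetpw"

def audit(text):
    """Return [(who, guard)] for every rule that grants all commands as root.

    guard is what stands between the account and uid 0:
    'no-password', 'user-password' or 'root-password'.
    Aliases, #include and scoped Defaults are not resolved.
    """
    joined = text.replace("\\\n", " ")          # fold continuation lines
    lines = [l.strip() for l in joined.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    defaults = [l for l in lines if l.split()[0] == "Defaults"]
    asks_root_pw = any(ROOT_PW.search(l) for l in defaults)
    findings = []
    for l in lines:
        if l.startswith("Defaults") or re.match(r"\w+_Alias\b", l):
            continue
        m = SPEC.match(l)
        if not m:
            continue
        who, runas, cmds = m.groups()
        # No (runas) list means root; "ALL" includes root.
        runas_users = ("root" if runas is None else runas).split(":")[0]
        to_root = bool({"ALL", "root"} & {u.strip() for u in runas_users.split(",")})
        tags = re.findall(r"\b([A-Z_]+):", cmds)
        commands = [c.strip() for c in re.sub(r"\b[A-Z_]+:\s*", "", cmds).split(",")]
        if not (to_root and "ALL" in commands):
            continue                             # subset of privileges only
        if "NOPASSWD" in tags:
            guard = "no-password"
        else:
            guard = "root-password" if asks_root_pw else "user-password"
        findings.append((who, guard))
    return findings
```

Rules reported as no-password or user-password are the ones where compromising the user account is equivalent to compromising root; bob's single-command rule is not reported.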

©2015, 2019 David Egan Evans.