Using sudo - best practice

[fingal]

Hello there,

I'm about to set up a home broadband connection (and believe me this is long overdue!) I've been thinking about security a lot, and I've hardened my system using Bastille, and I've been testing my passwords out using a neat little programme called 'John the Ripper'.

A lot of people in here have talked about using sudo instead of root for carrying out system admin tasks. My machine is just one desktop box, which will just be a straight broadband internet workhorse.

If I delegate all of root's privileges to one user (me) isn't this more of a security risk? After all, if someone got hold of my user password they could sudo my files away!!?

Would it be better to:
- just not use sudo
- only delegate a few root commands to it (but which ones?)
- not worry about this

I've searched for an answer to this question, but I'm not happy with what I found so far, so all help appreciated.

[jimbaloo]

If you are going to be carrying out a particular task, or tasks, that need root privileges on a regular basis, say mounting a drive, you should add that privilege to your regular user account. If on the other hand you don't use anything needing root access regularly you should just forgo sudo and use su when you need to perform administrative. It is a bad idea to give a regular user account total root privileges.

[fingal]

Thanks for your answer! I'll do as you advise