sudoer vs superuser

Jonathan Berry berryja at gmail.com
Sat Apr 2 18:27:29 UTC 2005 

On Apr 1, 2005 12:41 PM, Matthew Miller <mattdm at mattdm.org> wrote:
> On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote:
> >  I would like to know if I give a user an ALL privilege in the /etc/sudoers
> >  does he become a superuser than ?
> >  isn't that risky ?
> 
> The user is effectively superuser, yes. However, it's somewhat better, since
> there's still an active step -- authenticating with your own credentials --
> required to switch into privledged mode.
> 

Well, it depends on how you set it up.  You can set it up to where you
have to give *your* password, *root's* password (assuming sudo to
root, it's actually the password of whomever you are trying to
"become"), or *no* password to use sudo (I believe Fedora's default is
your password as Matthew said).  Using your password or no password
essentially gives the user superuser access, but that does not mean
that the user is actually a superuser.
This makes things a little better than logging in as root.  Logging in
as root is discouraged because of some security risks, such as running
complex (read: potentially vulnerable) programs due to being logged in
(such as any of the programs involved with running X), accidentally or
unknowingly running malicious code (something you downloaded, say),
and user error (oops, I really didn't want to run "rm -fr /").  As far
as these considerations go, using "sudo" is the same as using "su -",
so in this sense, the user is not a superuser.
A user with sudo privileges must use sudo to do anything that requires
superuser privileges, and this can be a little more secure because all
sudo activity is logged and the user does not need to know the root
password (if so configured).  So if you trust the user, then it should
be safe to setup.  If you require the users' password to use sudo,
then if someone comes along while the user is logged in and away from
the computer, they will still need a password to use sudo and have
superuser privileges.  One problem is, the user can do "sudo su -" and
then have a root shell, the activities of which are not logged.  To
echo Mike, look at "man sudo" for more considerations.

Jonathan

More information about the fedora-list mailing list