[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: sudoer vs superuser



On Sat, 2005-04-02 at 12:27 -0600, Jonathan Berry wrote:
> On Apr 1, 2005 12:41 PM, Matthew Miller <mattdm mattdm org> wrote:
> > On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote:
> > >  I would like to know if I give a user an ALL privilege in the /etc/sudoers
> > >  does he become a superuser than ?
> > >  isn't that risky ?
> > 
> > The user is effectively superuser, yes. However, it's somewhat better, since
> > there's still an active step -- authenticating with your own credentials --
> > required to switch into privledged mode.
> > 
> 
snip
> superuser privileges.  One problem is, the user can do "sudo su -" and
> then have a root shell, the activities of which are not logged.  To
> echo Mike, look at "man sudo" for more considerations.
> 

Anyone who sets up sudoers to allow that command should be shot.

The idea behind sudo is to allow those users who are trusted to have a
limited set of commands to run and to provide for tracking/auditing.

Allowing anyone to use sudo with ALL commands is the same as giving them
the root password (and only as secure as their user password).  VERY
RISKY!

> Jonathan
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]