sudoer vs superuser
Jeff Vian
jvian10 at charter.net
Mon Apr 4 03:26:09 UTC 2005
On Sat, 2005-04-02 at 12:27 -0600, Jonathan Berry wrote:
> On Apr 1, 2005 12:41 PM, Matthew Miller <mattdm at mattdm.org> wrote:
> > On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote:
> > > I would like to know if I give a user an ALL privilege in the /etc/sudoers
> > > does he become a superuser than ?
> > > isn't that risky ?
> >
> > The user is effectively superuser, yes. However, it's somewhat better, since
> > there's still an active step -- authenticating with your own credentials --
> > required to switch into privledged mode.
> >
>
snip
> superuser privileges. One problem is, the user can do "sudo su -" and
> then have a root shell, the activities of which are not logged. To
> echo Mike, look at "man sudo" for more considerations.
>
Anyone who sets up sudoers to allow that command should be shot.
The idea behind sudo is to allow those users who are trusted to have a
limited set of commands to run and to provide for tracking/auditing.
Allowing anyone to use sudo with ALL commands is the same as giving them
the root password (and only as secure as their user password). VERY
RISKY!
> Jonathan
>
More information about the fedora-list
mailing list