[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: sudoer vs superuser

On Sat, 2005-04-02 at 12:27 -0600, Jonathan Berry wrote:
> On Apr 1, 2005 12:41 PM, Matthew Miller <mattdm mattdm org> wrote:
> > On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote:
> > >  I would like to know if I give a user an ALL privilege in the /etc/sudoers
> > >  does he become a superuser than ?
> > >  isn't that risky ?
> > 
> > The user is effectively superuser, yes. However, it's somewhat better, since
> > there's still an active step -- authenticating with your own credentials --
> > required to switch into privledged mode.
> > 
> superuser privileges.  One problem is, the user can do "sudo su -" and
> then have a root shell, the activities of which are not logged.  To
> echo Mike, look at "man sudo" for more considerations.

Anyone who sets up sudoers to allow that command should be shot.

The idea behind sudo is to allow those users who are trusted to have a
limited set of commands to run and to provide for tracking/auditing.

Allowing anyone to use sudo with ALL commands is the same as giving them
the root password (and only as secure as their user password).  VERY

> Jonathan

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]