sudoer vs superuser

Jeff Vian jvian10 at charter.net
Mon Apr 4 03:26:09 UTC 2005


On Sat, 2005-04-02 at 12:27 -0600, Jonathan Berry wrote:
> On Apr 1, 2005 12:41 PM, Matthew Miller <mattdm at mattdm.org> wrote:
> > On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote:
> > >  I would like to know if I give a user an ALL privilege in the /etc/sudoers
> > >  does he become a superuser than ?
> > >  isn't that risky ?
> > 
> > The user is effectively superuser, yes. However, it's somewhat better, since
> > there's still an active step -- authenticating with your own credentials --
> > required to switch into privledged mode.
> > 
> 
snip
> superuser privileges.  One problem is, the user can do "sudo su -" and
> then have a root shell, the activities of which are not logged.  To
> echo Mike, look at "man sudo" for more considerations.
> 

Anyone who sets up sudoers to allow that command should be shot.

The idea behind sudo is to allow those users who are trusted to have a
limited set of commands to run and to provide for tracking/auditing.

Allowing anyone to use sudo with ALL commands is the same as giving them
the root password (and only as secure as their user password).  VERY
RISKY!

> Jonathan
> 




More information about the fedora-list mailing list