SV: sudoer vs superuser
Mattias Pettersson
Mattias.Pettersson at nordicwebradio.com
Mon Apr 4 06:15:03 UTC 2005
>Anyone who sets up sudoers to allow that command should be shot.
>The idea behind sudo is to allow those users who are trusted to have a
>limited set of commands to run and to provide for tracking/auditing.
>Allowing anyone to use sudo with ALL commands is the same as giving them
>the root password (and only as secure as their user password). VERY
>RISKY!
Hence why I said I wouldn't recommend it. For my own user (as in myself) I have it like that, but not without password. Without password I would only allow for very limited access. If my account would get hacked I wouldn't really like it to be to easy to gain root access. And 'sudo su -' is a wee bit overstated.. try 'sudo bash' or equivelent and you have a rootshell. If you have ALL = (ALL) that is.
Mattias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050404/b0ac9c0b/attachment-0001.htm>
More information about the fedora-list
mailing list