[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

sudo question

Hi.. I defined sudoers file as 

# sudoers file.
# This file MUST be edited with the 'visudo' command
as root.

# User privilege specification
root    ALL=(ALL) ALL
jim     ALL=(ALL)       ALL
Defaults logfile=/var/log/sudolog

So Jim as root access, but I found Jim can modify the
log file /var/log/sudolog as well using sudo.  How to
prevent it from change the log file?

Question 2. I saw the following article, don't you
feel it is stupid configuration. If Jim need to know
root password to use sudo why not let he su to root ? 

# Defaults specification
Defaults:jim    timestamp_timeout=0, runaspw,

This changes three things. First, "jim" needs root's
password to run sudo (because of "runaspw"). Second,
the password will not be remembered
(timestamp_timeout), and he gets only one chance to
enter it (the default is three tries).

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]