[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

sudo question



Hi.. I defined sudoers file as 

# sudoers file.
#
# This file MUST be edited with the 'visudo' command
as root.
#

# User privilege specification
root    ALL=(ALL) ALL
jim     ALL=(ALL)       ALL
Defaults logfile=/var/log/sudolog

So Jim as root access, but I found Jim can modify the
log file /var/log/sudolog as well using sudo.  How to
prevent it from change the log file?

Question 2. I saw the following article, don't you
feel it is stupid configuration. If Jim need to know
root password to use sudo why not let he su to root ? 


# Defaults specification
Defaults:jim    timestamp_timeout=0, runaspw,
passwd_tries=1

This changes three things. First, "jim" needs root's
password to run sudo (because of "runaspw"). Second,
the password will not be remembered
(timestamp_timeout), and he gets only one chance to
enter it (the default is three tries).






__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]