sudo question
Matthew Miller
mattdm at mattdm.org
Mon Jun 13 12:28:13 UTC 2005
On Sat, Jun 11, 2005 at 12:06:10PM -0700, M E Fieu wrote:
> # User privilege specification
> root ALL=(ALL) ALL
> jim ALL=(ALL) ALL
> Defaults logfile=/var/log/sudolog
> So Jim as root access, but I found Jim can modify the
> log file /var/log/sudolog as well using sudo. How to
> prevent it from change the log file?
If Jim has full sudo access, Jim can do anything -- you'll have to trust
him. You could change syslog to log to a remote system, but even then,
that'd be easy to get around.
(You could also do something complicated with SELinux, but it'd be just that
-- complicated.)
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 82 degrees Fahrenheit.
More information about the fedora-list
mailing list