SUDO

[Steve Phillips]

On 6/30/09, hike <mh1272 at gmail.com> wrote:
[lots of redundant stuff snipped]
>
> not really.
>
> any time the op oversteps his authorized usage of a machine, he has crossed
> the line.
>
> so, whether he is a user trying to gain root access or a sudo-er trying to
> gain root access, he is doing the same thing in either case--the gaining of
> increased right that he is now authorized to gain.
>
> just because the op has some rights (and we don't know that is the case),
> there is no approval beyond those rights; the taking of unapproved rights
> was the topic i was discussing and it appears that the op is purposing to
> take unapproved rights.

After re-reading your posts and the context its become quite apparent
that you are jumping to conclusions about how things could potentially
work in the real world.

(not to mention that your ambiguous abbreviations make things harder
to understand what it is exactly that you are trying to say, are you
implying that the op (original poster) is trying to hack the system or
the op (operator) or is there some other abbreviation of 'op' that I'm
unaware of ?)

As a real world example (and this is used a _lot_ in the dev
environments I work in) I have a server with a bunch of mates that I
trust to run anything as root. However, as I also change passwords
randomly and regularly and this includes the root password, I have
each user setup in the sudoers file so they can run anything as root -
including (and the most popular) sudo su - in order to become root.

I don't particularly care about logging what they do as I trust them
(as is the case at work as well in our development environments) and
to some degree, anyone that you give access to commands that run as
the root user will require some level of trust. If this person is
caught 'hacking' or 'gaining privileges above their station' then your
workplace code of conduct should come into effect - no longer a
technical problem. (in my case its delete their account and boot them
off the box until such time as they feel suitably contrite)

If you usage of the word 'op' refers to the original poster, then
you'd see that this person (obviously) has the ability to edit the
sudoers file and is wondering why, after he set it up, it was asking
for a password and not accepting his user one, to which it was pointed
out that he has possibly miss configured sudo adding an option to
sudoers that requests roots password not the users one. If this user
already has root in order to edit sudoers, why would you jump to the
conclusion that he is trying to 'hack' his own box ? trying to gain
privs higher than root ? um.. right.

Either way, I think you are stretching a little to come to the
conclusion that by using 'sudo su -' the 'op' is trying to hack the
box.

Just my $0.05

-- 
Steve.