Security Basics mailing list archives
Re: SUDO vs root account question
From: RichardR <randjunk () gmail com>
Date: Wed, 23 Mar 2005 21:44:06 +0000
Hi Tahis
putting a certain user Mr.X with ALL=(ALL)ALL permissions in the sudoers file, gives him COMPLETE root previleges? In other words, if I
of course, this will give your Mr.X the privilegies of root, thats why you should use this with care and choose whom is authorized to perform as a root-privilege.
want that some people, for security reasons, stop using the root account/password for accessing the servers, by crating a sudo user with ALL previledges will decrease this risk? If this sudo account is
sudo decreases surely the risk to compromise actions as a root user when some one is connected as a common user.
compromised, will the cracker have COMPLETE root previleges?
if the sudo is compromised or even your sudo-commands are compromised, you will of course give a wide door opened on crackers to perform attacks as root. check out if there is not rootkits installed on your system and perform a tripwire check to make sure the integrity of your system, before publishing sudo commands to users.
The other questions is how to set the time (in sudoers file) for the user to work with sudo, without having to write the password (let's say that I want to work for 20 minutes without having to write the password again)
If we set timestamp_timeout to -1, "Mr.X" will only have to prove that he knows the password once. After that, it will not be forgotten, even if he logs out. But I dont know if we can set a time delay in this field.. # #Defaults:Mr.X timestamp_timeout=-1 # otherwise you have a good tutorial on using sudo here http://www.aplawrence.com/Basics/sudo.html Cheers, -- Richard RANDRIA CNRS/IN2P3/LPNHE Jussieu - Paris VI IT Soft/System Engineer Researcher --
Current thread:
- SUDO vs root account question Tahis Vera (Mar 23)
- Re: SUDO vs root account question Joe Polk (Mar 23)
- Re: SUDO vs root account question Louis Lerman (Mar 23)
- Re: SUDO vs root account question Jacob Bresciani (Mar 23)
- Re: SUDO vs root account question xyberpix (Mar 23)
- Re: SUDO vs root account question RichardR (Mar 23)
- Re: SUDO vs root account question Ian (Mar 23)
- Re: SUDO vs root account question Ian (Mar 23)
- Re: SUDO vs root account question Vladamir (Mar 23)
- Re: SUDO vs root account question Teresa Hasheminejad (Mar 24)
- Re: SUDO vs root account question Blaine Lefler (Mar 24)