Security Basics mailing list archives

Re: SUDO vs root account question

From: Vladamir <wireless.insecurity () gmail com>
Date: Wed, 23 Mar 2005 14:26:26 -0500

Yes, if the user has full root access and is compromised, the attackerwill have full root access (the system doesn't know the differencebetween people unless you're using BioMetrics :) )


As for allowing a time limit..
IIRC the way to do it is:

timestamp_timeout= <timeout limit>

Tahis Vera wrote:

Hi all,
I have two quick questions related to the 'sudo' command;
putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
sudoers file, gives him COMPLETE root previleges? In other words, if I
want that some people, for security reasons, stop using the root
account/password for accessing the servers, by crating a sudo user
with ALL previledges will decrease this risk? If this sudo account  is
compromised, will the cracker have COMPLETE root previleges?

The other questions is how to set the time (in sudoers file) for the
user to work with sudo, without having to write the password (let's
say that I want to work for 20 minutes without having to write the
password again)

regards

Tahis

Current thread:

SUDO vs root account question Tahis Vera (Mar 23)
- Re: SUDO vs root account question Joe Polk (Mar 23)
- Re: SUDO vs root account question Louis Lerman (Mar 23)
- Re: SUDO vs root account question Jacob Bresciani (Mar 23)
- Re: SUDO vs root account question xyberpix (Mar 23)
- Re: SUDO vs root account question RichardR (Mar 23)
- Re: SUDO vs root account question Ian (Mar 23)
  - Re: SUDO vs root account question Ian (Mar 23)
- Re: SUDO vs root account question Vladamir (Mar 23)
  - Re: SUDO vs root account question Teresa Hasheminejad (Mar 24)
- Re: SUDO vs root account question Blaine Lefler (Mar 24)