Re: SUDO vs root account question

[Louis Lerman <lblerman () gmail com>]

Tahis -

First off, the "Mr X ALL=(ALL)ALL" line will allow Mr.X to run any
command as any user on any server. So I do not know if you want to all
this.

I recently had to aid some SysAdmins at my company restrict users
access via SUDO. I found this page, http://www.courtesan.com/sudo/,
very helpful as it had an example /etc/sudoers file,
http://www.courtesan.com/sudo/sample.sudoers, that should be able to
guide you to limit users access via SUDO as it enabled me to create
the appropriate entries in the /etc/sudoers file.

Regards,

Louis


On Wed, 23 Mar 2005 10:47:30 +0200, Tahis Vera <tahis.vera () gmail com> wrote:
> Hi all,
> I have two quick questions related to the 'sudo' command;
> putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
> sudoers file, gives him COMPLETE root previleges? In other words, if I
> want that some people, for security reasons, stop using the root
> account/password for accessing the servers, by crating a sudo user
> with ALL previledges will decrease this risk? If this sudo account  is
> compromised, will the cracker have COMPLETE root previleges?
>
> The other questions is how to set the time (in sudoers file) for the
> user to work with sudo, without having to write the password (let's
> say that I want to work for 20 minutes without having to write the
> password again)
>
> regards
>
> Tahis