Re: SUDO vs root account question

[xyberpix <xyberpix () xyberpix com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes this can be done.
The one thing thing that you do have to bear in mind though, is that if 
you give user Mr.X ALL=(ALL)ALL permissions, the only thing stopping 
him from running:
"sudo su -" will be his password, I would much rather add all the 
commands that he is likely to need to /etc/sudoers than give any user 
full access, as you may as well just give them the root password in 
that case.
Feel free to mail me off list for any more questions, I may be a bit 
late in responding, but I will respond, things are just rather hetic 
atm.

xyberpix

On 23 Mar 2005, at 08:47, Tahis Vera wrote:

> Hi all,
> I have two quick questions related to the 'sudo' command;
> putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
> sudoers file, gives him COMPLETE root previleges? In other words, if I
> want that some people, for security reasons, stop using the root
> account/password for accessing the servers, by crating a sudo user
> with ALL previledges will decrease this risk? If this sudo account  is
> compromised, will the cracker have COMPLETE root previleges?
>
> The other questions is how to set the time (in sudoers file) for the
> user to work with sudo, without having to write the password (let's
> say that I want to work for 20 minutes without having to write the
> password again)
>
> regards
>
> Tahis
For Security And Open Source News And Info Visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCQeJWcRMkOnlkwMERAozWAJ0fLEUypyJM9aP+FYtYQAe5SI+yCQCgiZAZ
eG152exkGrvea1azk2I7mH0=
=aH5+
-----END PGP SIGNATURE-----