Re: SUDO vs root account question

[RichardR <randjunk () gmail com>]

Hi Tahis

> putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
> sudoers file, gives him COMPLETE root previleges? In other words, if I

of course, this will give your Mr.X the privilegies of root, thats why
you should use this with care and choose whom is authorized to perform
as a root-privilege.

> want that some people, for security reasons, stop using the root
> account/password for accessing the servers, by crating a sudo user
> with ALL previledges will decrease this risk? If this sudo account  is

sudo decreases surely the risk to compromise actions as a root user
when some one is connected as a common user.

> compromised, will the cracker have COMPLETE root previleges?

if the sudo is compromised or even your sudo-commands are compromised,
you will of course give a wide door opened on crackers to perform
attacks as root.
check out if there is not rootkits installed on your system and
perform a tripwire check to make sure the integrity of your system,
before publishing sudo commands to users.

> The other questions is how to set the time (in sudoers file) for the
> user to work with sudo, without having to write the password (let's
> say that I want to work for 20 minutes without having to write the
> password again)

If we set timestamp_timeout to -1, "Mr.X" will only have to prove that
he knows the password once. After that, it will not be forgotten, even
if he logs out. But I dont know if we can set a time delay in this
field..

#
#Defaults:Mr.X    timestamp_timeout=-1
#

otherwise you have a good tutorial on using sudo here 
http://www.aplawrence.com/Basics/sudo.html

Cheers,
-- 
Richard RANDRIA
CNRS/IN2P3/LPNHE Jussieu - Paris VI
IT Soft/System Engineer Researcher
--