Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SUDO vs root account question

From: Ian <cdine.org () gmail com>
Date: Wed, 23 Mar 2005 14:20:36 -0800
Side note - you can restrict what things can be ran, man sudo..
however im sure there are quite a few things you would have to
restrict to be safe, since so many things could drop you a shell, and
even without a shell the privs are there, so things can still be done.
 Best bet would be to allow only what is needed, in my opinion.


On Wed, 23 Mar 2005 14:18:06 -0800, Ian <cdine.org () gmail com> wrote:

That would give him root privs, he could sudo su -, and that's that.
As for the timing, I'm not sure about that but I'm sure others on this
list can help with it.


On Wed, 23 Mar 2005 10:47:30 +0200, Tahis Vera <tahis.vera () gmail com> wrote:

Hi all,
I have two quick questions related to the 'sudo' command;
putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
sudoers file, gives him COMPLETE root previleges? In other words, if I
want that some people, for security reasons, stop using the root
account/password for accessing the servers, by crating a sudo user
with ALL previledges will decrease this risk? If this sudo account  is
compromised, will the cracker have COMPLETE root previleges?

The other questions is how to set the time (in sudoers file) for the
user to work with sudo, without having to write the password (let's
say that I want to work for 20 minutes without having to write the
password again)

regards

Tahis
Previous By Date Next
Previous By Thread Next

Current thread: