Claude Jones wrote:
> This is getting at what I was trying to understand -
> This raises another question. A constant suggestion I've read is to block root
> logins and use sudo. If someone breaks in using my login/pw combo, what's to
> prevent them from using sudo to get root privileges? If they've hacked my
> username/password, then wouldn't sudo be the first thing they'd try, too?
Good question.
If you've setup sudo so you can do anything with sudo, then yes, your
account is equivalent to root. You've effectively acheived what the
Original Poster was after without breaking stuff: a different username
with root's abilities.
Otherwise, it depends on what you allow your normal account to do with
sudo. I found that allowing yum update and chkrootkit was all I was
normally doing with su, so I just allow those two commands with sudo.
Since an attacker can't control my yum configuration, and since I've got
signature checking turned on in yum, an attacker couldn't then use yum
to load a random hostile binary.
Hope this helps,
James.
--
E-mail address: james | That brought a lump to the eye and a tear to the
@westexe.demon.co.uk | throat.
| -- "I'm Sorry, I Haven't A Clue", BBC Radio 4
