On Sat, 2005-04-02 at 12:27 -0600, Jonathan Berry wrote: > On Apr 1, 2005 12:41 PM, Matthew Miller <mattdm@xxxxxxxxxx> wrote: > > On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote: > > > I would like to know if I give a user an ALL privilege in the /etc/sudoers > > > does he become a superuser than ? > > > isn't that risky ? > > > > The user is effectively superuser, yes. However, it's somewhat better, since > > there's still an active step -- authenticating with your own credentials -- > > required to switch into privledged mode. > > > snip > superuser privileges. One problem is, the user can do "sudo su -" and > then have a root shell, the activities of which are not logged. To > echo Mike, look at "man sudo" for more considerations. > Anyone who sets up sudoers to allow that command should be shot. The idea behind sudo is to allow those users who are trusted to have a limited set of commands to run and to provide for tracking/auditing. Allowing anyone to use sudo with ALL commands is the same as giving them the root password (and only as secure as their user password). VERY RISKY! > Jonathan >
