> # User privilege specification
> root ALL=(ALL) ALL
> jim ALL=(ALL) ALL
> Defaults logfile=/var/log/sudolog

Probably better to just give jim rights to specific commands here instead of ALL.

> So Jim has root access, but I found Jim can modify the
> log file /var/log/sudolog as well using sudo. How to
> prevent him from changing the log file?

If you are worried about that then jim's user account shouldn't be mentioned in the sudoers file. You can fix the problem by not giving jim an ALL.

> Question 2. I saw the following article, don't you
> feel it is a stupid configuration. If Jim needs to know
> root password to use sudo why not let him su to root
>
> # Defaults specification
> Defaults:jim timestamp_timeout=0, runaspw, passwd_tries=1
>
> This changes three things. First, "jim" needs root's password to run sudo (because of "runaspw"). Second, the password will not be remembered (timestamp_timeout), and he gets only one chance to enter it (the default is three tries).

jim doesn't need root's password to run sudo, he just needs jim's password. jim needs root's password to run su ... unless he has the nifty NOPASSWORD clause in the sudoers file, and in that case he can just sudo su - and become root.

You might want to check out the man pages for su, sudo and sudoers before you grant jim any sudoer access.
http://www.courtesan.com/sudo/man/sudoers.html
http://www.courtesan.com/sudo/man/sudo.html
http://www.rt.com/man/su.1.html
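
An added example, not part of the thread and not code from the sudo project: a small Python audit that reads sudoers text and reports non-root users granted ALL commands (the condition that lets jim change /var/log/sudolog), along with the configured logfile and any per-user runaspw setting. The parser is simplified (one spec per line, no includes or alias expansion), and the user "ann" with her commands is hypothetical.

```python
import re

# Constructed sample: the sudoers lines quoted in the thread, plus a
# hypothetical restricted user "ann" (not on the page) for contrast.
SAMPLE = """\
# User privilege specification
root ALL=(ALL) ALL
jim ALL=(ALL) ALL
ann ALL=(root) /usr/bin/systemctl restart httpd, \\
    /usr/bin/systemctl status httpd
Defaults logfile=/var/log/sudolog
Defaults:jim timestamp_timeout=0, runaspw, passwd_tries=1
"""

# user host = (runas) commands   -- simplified: one spec per line
SPEC = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")          # e.g. "NOPASSWD: "
ALIAS = re.compile(r"^(User|Runas|Host|Cmnd)_Alias\b")

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()   # ignores #include, #uid forms
        if line:
            yield line

def audit(text):
    """Return the sudo logfile, users granted ALL commands, runaspw users."""
    report = {"logfile": None, "unrestricted": [], "runaspw": []}
    for line in logical_lines(text):
        if line.startswith("Defaults"):
            scope, _, opts = line.partition(" ")
            m = re.search(r"\blogfile\s*=\s*(\S+)", opts)
            if m:
                report["logfile"] = m.group(1).rstrip(",")
            if re.search(r"(?<![!\w])runaspw\b", opts) and ":" in scope:
                report["runaspw"].append(scope.split(":", 1)[1])
            continue
        m = None if ALIAS.match(line) else SPEC.match(line)
        if not m:
            continue
        cmds = [TAG.sub("", c.strip()) for c in m.group(2).split(",")]
        if "ALL" in cmds and m.group(1) != "root":
            report["unrestricted"].append(m.group(1))
    return report

if __name__ == "__main__":
    r = audit(SAMPLE)
    for user in r["unrestricted"]:
        print(f"{user}: may run ALL commands, so can alter {r['logfile']}")
```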