On 10/18/2010 02:30 PM, suvayu ali wrote: > Hi James and Patrick, > > On 18 October 2010 09:40, James Mckenzie <jjmckenzie51@xxxxxxxxxxxxx> wrote: >> Suvayu Ali <fatkasuvayu+linux@xxxxxxxxx> wrote: >>> I am not sure how it is insecure, could you elaborate? At least to me >>> giving (limited/full) root privileges to an ordinary user seems a lot >>> more risky. >> >> Which is what you are doing with the file below. >>> >>> The way I understand it if I have the following in my /etc/sudoers >>> file, >>> >>> %<user_group> ALL=(ALL) ALL >>> >> Wow. I would love to be a user on your system. If you understand what sudo does, this would be VERY different. Not to say I would do anything destructive, but access to critical files is exposed to all users, including the default ones and this is a very big security problem. Of course, I expect that you have taken steps to secure your system by changing all default passwords, assigning strong passwords to all users and using /bin/false for all users that are not supposed to log into your system. >> > > Okay I see now where I misunderstood you. My system is my desktop, and > I'm the only user. I was thinking of privileges in the context of the > command being executed whereas you were speaking about privileges in > the context of access to all commands. > > Thanks. I am the only user on my system. I've added myself to the group "wheel" and given "wheel" privs for sudo (with password). I also run a system that others have access to. Can anyone show me how to block "sudo bash" or "sudo sh"? Sure, once you have sudo you can do anything, but it does get logged. Logging is lost if one can sudo to a shell. -- -- Steve -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines