Re: su or sudo su?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/18/2010 02:30 PM, suvayu ali wrote:
> Hi James and Patrick,
> 
> On 18 October 2010 09:40, James Mckenzie <jjmckenzie51@xxxxxxxxxxxxx> wrote:
>> Suvayu Ali <fatkasuvayu+linux@xxxxxxxxx> wrote:
>>> I am not sure how it is insecure, could you elaborate? At least to me
>>> giving (limited/full) root privileges to an ordinary user seems a lot
>>> more risky.
>>
>> Which is what you are doing with the file below.
>>>
>>> The way I understand it if I have the following in my /etc/sudoers
>>> file,
>>>
>>> %<user_group>  ALL=(ALL)       ALL
>>>
>> Wow.  I would love to be a user on your system.  If you understand what sudo does, this would be VERY different.  Not to say I would do anything destructive, but access to critical files is exposed to all users, including the default ones and this is a very big security problem.  Of course, I expect that you have taken steps to secure your system by changing all default passwords, assigning strong passwords to all users and using /bin/false for all users that are not supposed to log into your system.
>>
> 
> Okay I see now where I misunderstood you. My system is my desktop, and
> I'm the only user. I was thinking of privileges in the context of the
> command being executed whereas you were speaking about privileges in
> the context of access to all commands.
> 
> Thanks.

I am the only user on my system. I've added myself to the group "wheel"
and given "wheel" privs for sudo (with password).

I also run a system that others have access to.  Can anyone show me how
to block "sudo bash" or "sudo sh"? Sure, once you have sudo you can do
anything, but it does get logged.  Logging is lost if one can sudo to a
shell.



-- 
-- Steve
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux