On Sat, 2005-04-02 at 12:27 -0600, Jonathan Berry wrote:
On Apr 1, 2005 12:41 PM, Matthew Miller mattdm@mattdm.org wrote:
On Fri, Apr 01, 2005 at 04:56:10PM +0000, hicham wrote:
I would like to know if I give a user an ALL privilege in the /etc/sudoers does he become a superuser than ? isn't that risky ?
The user is effectively superuser, yes. However, it's somewhat better, since there's still an active step -- authenticating with your own credentials -- required to switch into privledged mode.
snip
superuser privileges. One problem is, the user can do "sudo su -" and then have a root shell, the activities of which are not logged. To echo Mike, look at "man sudo" for more considerations.
Anyone who sets up sudoers to allow that command should be shot.
The idea behind sudo is to allow those users who are trusted to have a limited set of commands to run and to provide for tracking/auditing.
Allowing anyone to use sudo with ALL commands is the same as giving them the root password (and only as secure as their user password). VERY RISKY!
Jonathan