sudo question
M E Fieu
sibu168 at yahoo.com
Sat Jun 11 19:06:10 UTC 2005
Hi.. I defined sudoers file as
# sudoers file.
#
# This file MUST be edited with the 'visudo' command
as root.
#
# User privilege specification
root ALL=(ALL) ALL
jim ALL=(ALL) ALL
Defaults logfile=/var/log/sudolog
So Jim as root access, but I found Jim can modify the
log file /var/log/sudolog as well using sudo. How to
prevent it from change the log file?
Question 2. I saw the following article, don't you
feel it is stupid configuration. If Jim need to know
root password to use sudo why not let he su to root ?
# Defaults specification
Defaults:jim timestamp_timeout=0, runaspw,
passwd_tries=1
This changes three things. First, "jim" needs root's
password to run sudo (because of "runaspw"). Second,
the password will not be remembered
(timestamp_timeout), and he gets only one chance to
enter it (the default is three tries).
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the users
mailing list