root password
Joe Zeff
joe at zeff.us
Tue Feb 7 22:21:14 UTC 2012
On 02/07/2012 02:08 PM, Steven Stern wrote:
> I keep meaning to edit the sudo config files to block things like
>
> sudo su -
> sudo bash
>
> but I get lazy. Someday, this will bite me in the ***.
There's a much better, easier way to prevent that: don't activate sudo
unless there are people using your box that need to do specific admin
tasks but don't have the root password. And, if you do give them sudo
access, limit it to the commands they actually need to be using because
if you don't, giving them sudo access is exactly the same as giving out
the root password.
More information about the users
mailing list