Ask detail operate process about edit sudoers file by terminal
Steven Stern
subscribed-lists at sterndata.com
Fri Jun 14 18:51:42 UTC 2013
On 06/14/2013 01:43 PM, Matthew Miller wrote:
> On Fri, Jun 14, 2013 at 01:04:13PM -0400, Doug wrote:
>>>>>> ## Allows people in group wheel to run all commands
>>>>>> %wheel ALL=(ALL) ALL
>>>> This line *IS* uncommented by default.
>>> Hmmm... Maybe it's been so long since I've had to do it. In any case,
>>> it was commented on the two CentOS 6 systems I just set up.
>> In my sudoers, that line is commented out, and should be. You don't
>> want everybody and his brother to have sudo privileges.
>
>
> "Everybody and his brother" should not be in the wheel group. "Wheel" is the
> group for people with administrative privledges on the system.
>
>
OK, let's now have some fun....
sudo cp /bin/bash /bin/mylocalshell
sudo mylocalshell
I know this is preventable, but it's something to think about. No one
should have sudo who you would not trust with root itself. sudo just
adds a layer of accountability.
--
-- Steve
More information about the users
mailing list