Ask detail operate process about edit sudoers file by terminal

Joe Zeff joe at zeff.us
Fri Jun 14 20:50:07 UTC 2013


On 06/14/2013 01:04 PM, Matthew Miller wrote:
> Oh no. Start with 'sudo bash' or 'sudo su'. People do this all the time.
> Then `unset HISTFILE`. Then do the above not with sudo.
>
> But this is very off-topic.

It is and it isn't.  If nothing else, it makes it clear just how easy it 
is to gain un-logged root access if you have unrestricted access to 
sudo, even for a short time.  If you're going to add any of your users 
to sudoers, think carefully about just what access they need, and don't 
give anybody more than you have to.  And, don't add them to wheel unless 
you'd be willing to give them the root password, because with wheel 
having unlimited sudo rights, there's no practical difference (except 
for logging) that I can see.
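
A small audit for the kind of grant discussed in this message, as an added example that is not part of the original post: it flags sudoers rules that amount to full root, either `ALL` commands or a shell. The `audit` function, the `SHELLS` list and the sample text are constructed for illustration, and the parser assumes a simplified grammar (one user spec per line, no alias expansion, no include files).

```python
import re

# Commands that hand out an interactive root shell; sudo records the launch
# of the shell, not what is typed inside it. Assumed list, extend locally.
SHELLS = {"bash", "sh", "zsh", "ksh", "csh", "tcsh", "dash", "su"}

SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<rest>.+)$")
SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b|^@include")

def audit(text):
    """Return (principal, reason) pairs for rules equivalent to full root."""
    findings = []
    text = text.replace("\\\n", " ")              # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        m = None if SKIP.match(line) else SPEC.match(line)
        if not m or m["who"] == "root":
            continue
        rest = re.sub(r"\([^)]*\)", "", m["rest"])   # drop (runas) lists
        rest = re.sub(r"\b[A-Z_]+:", "", rest)       # drop tags like NOPASSWD:
        for cmd in (c.strip() for c in rest.split(",")):
            if not cmd or cmd.startswith("!"):
                continue          # a negation grants nothing by itself
            if cmd == "ALL":
                # Subtracting commands from ALL with "!" is not an effective
                # restriction, so the rule is still flagged.
                findings.append((m["who"], "ALL commands"))
                break
            if cmd.split()[0].rsplit("/", 1)[-1] in SHELLS:
                findings.append((m["who"], "shell " + cmd.split()[0]))
                break
    return findings

# Constructed sample sudoers content, not taken from any real system.
SAMPLE = """\
Defaults    env_reset
root    ALL=(ALL)   ALL
%wheel  ALL=(ALL)   ALL
alice   ALL=(root)  NOPASSWD: /usr/bin/systemctl restart httpd
bob     ALL=(ALL)   ALL, !/bin/bash, !/bin/su
carol   ALL=(root)  /usr/bin/dnf update, /bin/bash
"""

if __name__ == "__main__":
    for who, why in audit(SAMPLE):
        print(f"{who}: {why}")
```
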

