[Wolves] sudoers file

SimonB simonb at geek-web.co.uk
Fri Jun 25 12:53:56 BST 2004


Stuart Langridge wrote:
> Old Dan said:
> 
>>I'm just bothered by the fact that the command 'sudo su' works.
>>
>>I just modified a file with user/group as root/root and permissions 440
>>as my own username after doing that.
>>
>>Disturbing as it means the root password means squat diddly if someone
>>finds out my user password, at least with the default settings.
> 
> 
> You're supposed to use "sudo" to allow a given user to run *some* commands
> as root, not all commands as root :-) If you allow them to run all
> commands, then "sudo su" is pretty much irrelevant; any command that you
> could run after "su", you could have also run with "sudo" in front of it.
> 
> Aq.

Just to be pedantic, then here's a quote from the sudoers man page:

  root_sudo   If set, root is allowed to run sudo too.
                    Disabling this prevents users from "chaining"
                    sudo commands to get a root shell by doing
                    something like "sudo sudo /bin/sh".  This flag
                    is on by default.


Now I'd assume that most users will be allowed to run a shell. I'm not
sure if it's in the sudoers list, but it may well be there; I'm not sure
where it is on here, I'll have to check when I get home, but nonetheless
it is still disturbing.

Thanks,
Simon
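
The point made in this thread, that a sudoers rule granting ALL, a shell, su or sudo itself is equivalent to handing over root, can be checked mechanically. The following is an added example, not part of the original message or of sudo: a simplified auditor for sudoers user rules. The name audit_sudoers, the sample rules and the list of shell binaries are assumptions made here; aliases and line continuations are not handled.

```python
import re

# Constructed sample rules for illustration (not from the thread).
SAMPLE = """\
Defaults !root_sudo
dan     ALL = (ALL) ALL
backup  ALL = /usr/bin/rsync, /bin/tar
ops     ALL = NOPASSWD: /etc/init.d/apache restart, /bin/su
web     ALL = (www-data) /bin/sh
%admin  ALL = (root) /usr/bin/sudo /bin/sh
"""

# Assumed list: binaries that give an unrestricted shell when run as root.
ROOT_SHELLS = {"su", "sudo", "sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}
RUNAS = re.compile(r"^\(([^)]*)\)\s*")   # leading "(user[:group])"
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # leading "NOPASSWD:" and similar tags
ITEM_SEP = re.compile(r",(?![^(]*\))")   # commas outside "(...)"


def audit_sudoers(text):
    """Return (line number, user, granted command) for root-equivalent rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        head, spec = line.split("=", 1)
        parts = head.split()
        # Defaults and *_Alias lines are settings, not grants.
        if not parts or parts[0].startswith("Defaults") or parts[0].endswith("_Alias"):
            continue
        as_root = True  # sudo targets root when no runas list is given
        for item in ITEM_SEP.split(spec):
            item = item.strip()
            m = RUNAS.match(item)
            if m:  # a runas list applies to this and the following commands
                users = {u.strip() for u in m.group(1).split(":")[0].split(",")}
                as_root = bool(users & {"ALL", "root"})
                item = item[m.end():]
            item = TAGS.sub("", item)
            # Negated entries ("!cmd") are denials, not grants.
            if not as_root or not item or item.startswith("!"):
                continue
            cmd = item.split()[0]
            if cmd == "ALL" or cmd.rsplit("/", 1)[-1] in ROOT_SHELLS:
                findings.append((lineno, parts[0], cmd))
    return findings
```

On the constructed sample this reports the rules for dan, ops and %admin; the web rule is skipped because its shell runs as www-data rather than root.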
