[Wolves] sudoers file
SimonB
simonb at geek-web.co.uk
Fri Jun 25 12:53:56 BST 2004
Stuart Langridge wrote:
> Old Dan said:
>
>>I'm just bothered by the fact that the command 'sudo su' works.
>>
>>I just modified a file with user/group as root/root and permissions 440
>>as my own username after doing that.
>>
>>Disturbing as it means the root password means squat diddly if someone
>>finds out my user password, at least with the default settings.
>
>
> You're supposed to use "sudo" to allow a given user to run *some* commands
> as root, not all commands as root :-) If you allow them to run all
> commands, then "sudo su" is pretty much irrelevant; any command that you
> could run after "su", you could have also run with "sudo" in front of it.
>
> Aq.
Just to be pedantic, then here's a quote from the sudoers man page:
    root_sudo   If set, root is allowed to run sudo too.
                Disabling this prevents users from "chaining"
                sudo commands to get a root shell by doing
                something like "sudo sudo /bin/sh". This flag
                is on by default.
Now I'd assume that most users will be allowed to run a shell. I'm not
sure if it's in the sudoers list, but it may well be there. I'm not sure
where it is on here, I'll have to check when I get home, but nonetheless
it is still disturbing.
Thanks,
Simon
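
The check discussed in this thread, as an added example (not part of the original messages and not code from the sudo project): a small audit that flags sudoers rules granting ALL commands or a shell/su/sudo binary, and reports whether root_sudo is still enabled. The function name, the SHELL_LIKE list and the sample rules are assumptions made for illustration, and the parser is deliberately simplified.

```python
import os
import re

# Basenames that give an unrestricted root shell when granted through sudo.
# Assumed list for this example, not exhaustive.
SHELL_LIKE = {"su", "sudo", "sh", "bash", "csh", "ksh", "zsh"}
SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(.+)$")
PREFIX = re.compile(r"^(\([^)]*\)\s*)?([A-Z_]+:\s*)*")  # runas spec, then tags

def audit_sudoers(text):
    """Return (findings, root_sudo_enabled) for simplified sudoers text.

    Only one-line user specs and global Defaults lines are handled; aliases,
    continuations, includes and commas inside (runas) lists are not.
    """
    findings, root_sudo = [], True  # root_sudo is on by default per the man page
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.split()[0] == "Defaults":
            for flag in line[len("Defaults"):].split(","):
                if flag.strip() in ("root_sudo", "!root_sudo"):
                    root_sudo = not flag.strip().startswith("!")
            continue
        m = SPEC.match(line)
        if not m or m.group(1).endswith("_Alias"):
            continue
        who, _host, rest = m.groups()
        for cmd in rest.split(","):
            cmd = PREFIX.sub("", cmd.strip())
            if cmd == "ALL":
                findings.append((lineno, who, "ALL"))
            elif cmd and not cmd.startswith("!"):
                path = cmd.split()[0]
                if os.path.basename(path) in SHELL_LIKE:
                    findings.append((lineno, who, path))
    return findings, root_sudo

# Constructed sample input, not taken from any real system.
SAMPLE = """\
Defaults env_reset
dan    ALL=(ALL) ALL
halt   ALL=(root) NOPASSWD: /sbin/shutdown -r now
ops    ALL=(root) /usr/bin/sudo, /bin/sh
"""

if __name__ == "__main__":
    print(audit_sudoers(SAMPLE))
```

Each finding is a (line number, user, granted command) tuple; a rule set limited to specific non-shell commands with "Defaults !root_sudo" returns no findings and False.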