[Wolves] sudoers file
Jon Masters
jonathan at jonmasters.org
Sat Jun 26 11:14:01 BST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Old Dan wrote:
| I'm just bothered by the fact that the command 'sudo su' works.
We used to block a lot more of these on our shared colo box but now
allow root logins for maintainance as it can get unmanagable when you
really have to just get some quick access to a root shell to perform a
million upgrades at once. Sudo for daily stuff.
| Disturbing as it means the root password means squat diddly if someone
| finds out my user password, at least with the default settings.
Which is a reason to migrate to SELinux or RBAC Linux over time.
Hopefully I will be migrating my production systems over the next 6-12
months so that one can feel a little more secure at night - when one
combines this with encrypted root then one is getting somewhere.
Jon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFA3UxGeTyyexZHHxERAmNPAJ4wbb7hmsDHDChK08ccO3AOvNsKYgCeJaYB
3y7YecUU5xGTiJvh0SR6Y/g=
=feIL
-----END PGP SIGNATURE-----
More information about the Wolves
mailing list