Re: exporting sudoers, good pratcice ?
From: Fabrice MARIE (fabrice.marie_at_fma-rms.com)
Date: 02/06/04
- Previous message: Tom Whiting: "Re: exporting sudoers, good pratcice ?"
- In reply to: Frédéric Médery: "exporting sudoers, good pratcice ?"
- Next in thread: Tony Kava: "RE: exporting sudoers, good pratcice ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-linux@securityfocus.com Date: Fri, 6 Feb 2004 12:09:36 +0800
Hello.
On Wednesday 04 February 2004 23:42, Frédéric Médery wrote:
> I'd like to use sudo a lot more.
> Can I have one sudoers for all my server/stations with nfs to make
> administration easyer ?
> Do you have pro/con ?
sudo is great to audit what users do as root or other accounts.
However, it can be a security threat on his own if not configured properly.
I would suggest not to use one single big sudoers file, because the probablity
of forgetting something or of making a configuration mistake grows
bigger as the sudoers file grows bigger. And each server is always
(at least very slightly) different one from another, so sharing the same
configuration file without reviewing it on each machine can cause unwated surprises.
It is actually easier to get root access on a machine with a sudo
badly configured than on a machine without sudo at all.
Have a nice day,
Fabrice.
-- Fabrice A. MARIE FMA Risk Management Solutions http://www.fma-rms.com/
- Previous message: Tom Whiting: "Re: exporting sudoers, good pratcice ?"
- In reply to: Frédéric Médery: "exporting sudoers, good pratcice ?"
- Next in thread: Tony Kava: "RE: exporting sudoers, good pratcice ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
