Re: exporting sudoers, good pratcice ?

• Previous message: Brian Hatch: "Re: exporting sudoers, good pratcice ?"
• In reply to: Tom Whiting: "Re: exporting sudoers, good pratcice ?"
• Next in thread: Hal Flynn: "Re: exporting sudoers, good pratcice ?"
• Reply: Hal Flynn: "Re: exporting sudoers, good pratcice ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 4 Feb 2004 17:43:11 -0800
To: focus-linux@securityfocus.com

On Wed, Feb 04, 2004 at 12:57:48PM -0600, Tom Whiting wrote:
> On Wed, 2004-02-04 at 09:42, Fr??d??ric M??dery wrote:
> > I'd like to use sudo a lot more.
> > Can I have one sudoers for all my server/stations with nfs to make
> > administration easyer ?
> > Do you have pro/con ?

Just realized my last response will probably get rejected due to
topposting[1] so I'll try again.

Originally I said in general conversation that involves security and
NFS in the same sentence is a bad idea. I'll take this second chance
to modify that answer to "anything that involves security and NFS is
really stupid."

Senario number one: Your network's down, for whatever reason you can't
access root via password. You try sudo, and watch it timeout trying to
access your sudoers file...

As initially mentioned, use rsync or similar.

As for disabling root logins, unless you got yourself a failsafe method
to get admin rights on the box versus another method(sudo is not it)
that sounds like yet another good way to shoot oneself in the foot. An
acceptable alternative is disable remote root logins or (surprisingly
easier under windows) chaning the root user's username.

John
1: Really...I'm offering clue, and the response is "No, sorry, that
post is formatted bad, you can't share useful information." Is this an
etiquette list or an information sharing list?

• Previous message: Brian Hatch: "Re: exporting sudoers, good pratcice ?"
• In reply to: Tom Whiting: "Re: exporting sudoers, good pratcice ?"
• Next in thread: Hal Flynn: "Re: exporting sudoers, good pratcice ?"
• Reply: Hal Flynn: "Re: exporting sudoers, good pratcice ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Problem setting up NFS on Ubuntu ... > looks like a scolding one. ... if you ever see root running not under sudo, ... > matter in another response. ... (comp.os.linux.setup) Re: Ubuntu killed my monitor and other problems. ... Root logins are disabled on Ubuntu to prevent naive new users from running ... If they abuse of the sudo there is no gain ... More likely than not all of their GUI apps will also be run non-root. ... (comp.os.linux.setup) Re: SUDO ... I've always heard people discouraging root logins or "su" and using sudo instead. ... I know how sudo works and how to fine-tune system access with it, but is the above suggestion in any way different or safer than a root login? ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: SUDO ... I've always heard people discouraging root logins or "su" and using ... I know how sudo works and how to fine-tune system access ... permissions to access it I granted myself permissions just to Wesnoth. ... (Debian-User) Re: Viruses in linux? ... (crowd mumbling in response) ... make install && sudo ... -- use hotmail.com for any email replies ... (comp.os.linux.security)