Re: SUDO vs root account question

• Previous message: xyberpix: "Re: SUDO vs root account question"
• In reply to: Tahis Vera: "SUDO vs root account question"
• Next in thread: Ian: "Re: SUDO vs root account question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 23 Mar 2005 21:44:06 +0000
To: Tahis Vera <tahis.vera@gmail.com>

Hi Tahis

> putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
> sudoers file, gives him COMPLETE root previleges? In other words, if I

of course, this will give your Mr.X the privilegies of root, thats why
you should use this with care and choose whom is authorized to perform
as a root-privilege.

> want that some people, for security reasons, stop using the root
> account/password for accessing the servers, by crating a sudo user
> with ALL previledges will decrease this risk? If this sudo account is

sudo decreases surely the risk to compromise actions as a root user
when some one is connected as a common user.

> compromised, will the cracker have COMPLETE root previleges?

if the sudo is compromised or even your sudo-commands are compromised,
you will of course give a wide door opened on crackers to perform
attacks as root.
check out if there is not rootkits installed on your system and
perform a tripwire check to make sure the integrity of your system,
before publishing sudo commands to users.

> The other questions is how to set the time (in sudoers file) for the
> user to work with sudo, without having to write the password (let's
> say that I want to work for 20 minutes without having to write the
> password again)

If we set timestamp_timeout to -1, "Mr.X" will only have to prove that
he knows the password once. After that, it will not be forgotten, even
if he logs out. But I dont know if we can set a time delay in this
field..

#
#Defaults:Mr.X timestamp_timeout=-1
#

otherwise you have a good tutorial on using sudo here
http://www.aplawrence.com/Basics/sudo.html

Cheers,

-- 
Richard RANDRIA
CNRS/IN2P3/LPNHE Jussieu - Paris VI
IT Soft/System Engineer Researcher
--

• Previous message: xyberpix: "Re: SUDO vs root account question"
• In reply to: Tahis Vera: "SUDO vs root account question"
• Next in thread: Ian: "Re: SUDO vs root account question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: MORE SSH Hacking: heads-up ... networks and under ITIL we use 'sniffing' only to pertain to packets. ... > user and then su to root is insecure at all. ... compromise root if you ever su'd. ... like giving sudo vi, is just like giving sudo bash.. ... (Fedora) Re: Card Reader ... Running your script ... instead of sudo is worthless because your script *can't do ... And of course it doesn't ask for a root password, ... >> That's just more bullshit Bryan, and you might as well leave ... (rec.photo.digital) Re: hi all.. ... And with sudo, I certainly wouldn't because they already have root. ... If you somehow had access to my account right now, ... install an effective key logger without root. ... (Fedora) Re: hi all.. ... compromise security to achieve it - such as very insecure sudo defaults ... that essentially make any admin group user password a root password. ... IE someone gets your user account password, they can do more than just ... (Fedora) Re: Choosing a distribution ... 'sudo bash' where I haven't had a proper root account to work with. ... cracked and hence give the intruder root access. ... (Ubuntu)