Re: SUDO vs root account question

From: Ian (cdine.org_at_gmail.com)
Date: 03/23/05

  • Next message: Vladamir: "Re: SUDO vs root account question" 
    Date: Wed, 23 Mar 2005 14:20:36 -0800
To: Tahis Vera <tahis.vera@gmail.com>

    Side note - you can restrict what things can be ran, man sudo..
    however im sure there are quite a few things you would have to
    restrict to be safe, since so many things could drop you a shell, and
    even without a shell the privs are there, so things can still be done.
     Best bet would be to allow only what is needed, in my opinion.

    On Wed, 23 Mar 2005 14:18:06 -0800, Ian <cdine.org@gmail.com> wrote:
    > That would give him root privs, he could sudo su -, and that's that.
    > As for the timing, I'm not sure about that but I'm sure others on this
    > list can help with it.
    >
    >
    > On Wed, 23 Mar 2005 10:47:30 +0200, Tahis Vera <tahis.vera@gmail.com> wrote:
    > > Hi all,
    > > I have two quick questions related to the 'sudo' command;
    > > putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
    > > sudoers file, gives him COMPLETE root previleges? In other words, if I
    > > want that some people, for security reasons, stop using the root
    > > account/password for accessing the servers, by crating a sudo user
    > > with ALL previledges will decrease this risk? If this sudo account is
    > > compromised, will the cracker have COMPLETE root previleges?
    > >
    > > The other questions is how to set the time (in sudoers file) for the
    > > user to work with sudo, without having to write the password (let's
    > > say that I want to work for 20 minutes without having to write the
    > > password again)
    > >
    > > regards
    > >
    > > Tahis
    > >
    >

  • Next message: Vladamir: "Re: SUDO vs root account question"

    Relevant Pages

    • Re: SUDO vs root account question
      ... "sudo su -" will be his password, I would much rather add all the ... > want that some people, for security reasons, stop using the root ... If this sudo account is ... will the cracker have COMPLETE root previleges? ...
      (Security-Basics)
    • Re: Granting a user to shutdown(power off) resp. restart Solaris ?
      ... the whole Solaris system. ... A pretty good way of doing it is to use the sudo utility. ... you can also restrict what arguments they are ... Alternate approach would probably be to use RBAC (which comes bundled ...
      (comp.unix.solaris)
    • SUDO vs root account question
      ... I have two quick questions related to the 'sudo' command; ... If this sudo account is ... will the cracker have COMPLETE root previleges? ... The other questions is how to set the time (in sudoers file) for the ...
      (Security-Basics)
    • Re: SUDO vs root account question
      ... gives him COMPLETE root previleges? ... If this sudo account is ... sudo decreases surely the risk to compromise actions as a root user ...
      (Security-Basics)
    • Re: SUDO vs root account question
      ... > sudoers file, ... > account/password for accessing the servers, by crating a sudo user ... If this sudo account ... will the cracker have COMPLETE root previleges? ...
      (Security-Basics)
    Loading