On Tue, Oct 31, 2000 at 10:50:17PM -0600, Phil Brutsche wrote:
>
> There's also the side benefit that you can give limited root access to
> people you only sorta trust with administrative duties, especially since
> you don't need to give out the root password anymore :)

it's actually very limited what you can give a `sorta trusted' user
access to.  if say, vi, emacs or just about any other editor is given,
a root shell is only one subcommand away, in vi i think it's !/bin/sh,
emacs it's M-x shell-command

> sudo rocks, btw.  It should be standard equipment on any and all
> Linux/unix systems.  But only on OpenBSD is that so :(
>
> > Of course, I might have missed something somewhere... Anyone?
>
> What about the people who do something like this with their sudo entry:
>
> username ALL = NOPASSWD: ALL
>
> Able to execute any command as root without giving any sort of
> authorization information...
>
> The power to do it is there.  Someone's bound to do it.

you can also set your root password null or add a line like this to
/etc/inetd.conf:

telnet stream tcp nowait root /bin/sh sh -i

or run things like:

$ su root
Password:
# lynx --source http://go-gnome.com/ | sh

what's the saying?  unix gives you just enough rope to hang yourself.

personally i don't give myself any sudo privileges that can lead to
full root access.  i just won't have my user password be automatically
== root password.  now if i could configure sudo to require the root
password instead of mine for some/all commands that would be nice
since you get the limited cache unlike su -c.  but since i can't i
just use /bin/su -c and full su to root for maintenance.

and i always get rid of that evil group staff permissions on
/usr/local/*  ;-)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
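
An added example, not part of the original message: a small Python audit that flags sudoers entries of the kinds discussed above (ALL, NOPASSWD, editors with a shell escape, shells and su). It assumes one rule per line with no aliases or continuation lines; the function name, the sample lines and every program in the list other than vi and emacs are assumptions.

```python
import re

# vi and emacs are the escapes named in the message; the other programs
# listed here are assumptions added for this example.
RISKY = {**dict.fromkeys(("vi", "vim", "emacs", "less", "more"), "shell escape"),
         **dict.fromkeys(("sh", "bash", "csh", "ksh", "su"), "root shell")}
TAG_RE = re.compile(r"^((?:[A-Z_]+:\s*)*)(.*)$")   # leading NOPASSWD:/PASSWD: tags
RUNAS_RE = re.compile(r"^\([^)]*\)\s*")            # optional (runas) prefix

def audit_sudoers(text):
    """Return (lineno, user, command, reason) for entries that amount to root."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        fields = lhs.split()
        if len(fields) != 2 or re.match(r"Defaults|\w+_Alias$", fields[0]):
            continue
        nopasswd = False  # a tag stays in effect for the rest of the command list
        for spec in rhs.split(","):
            tags, cmd = TAG_RE.match(RUNAS_RE.sub("", spec.strip())).groups()
            names = re.findall(r"[A-Z_]+", tags)
            if "NOPASSWD" in names:
                nopasswd = True
            elif "PASSWD" in names:
                nopasswd = False
            prog = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
            reason = "any command" if cmd == "ALL" else RISKY.get(prog)
            if reason:
                findings.append((lineno, fields[0], cmd,
                                 reason + (", no password" if nopasswd else "")))
    return findings

# Constructed sample, not taken from any real system.
SAMPLE = """\
# constructed sudoers lines for the example
Defaults env_reset
username ALL = NOPASSWD: ALL
alice    ALL = /usr/bin/vi /etc/hosts, /sbin/reboot
bob      ALL = (root) NOPASSWD: /usr/bin/emacs, PASSWD: /bin/su
carol    ALL = /usr/sbin/lpc
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print("line %d: %s may run %s (%s)" % finding)
```

For the editor case, current sudo versions provide sudoedit and the NOEXEC tag.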