On Thu, 2003-09-11 at 07:43, Ed Wilts wrote: > On Thu, Sep 11, 2003 at 07:09:43AM -0400, Jason Dixon wrote: > > This is what sudo is for. If he insists on having root, but can't > > remember root's password, just give him the ability to escalate his > > permissions. If he doesn't want to enter extra passwords, and you're ok > > with it, add the following to your /etc/sudoers file (assuming you've > > installed the sudo package): > > > > username ALL=(ALL) NOPASSWD: ALL > > I used to like the idea of NOPASSWD on the sudo option but have since > come to realize how unsecure this really is. If you're going to run > with a password-less sudoers file, you may as well run as root. A nasty > script could easily do something like "sudo /bin/rm /" and you'd be > dead.
Excuse my French, but "no shit". If you'd have read further down, you'd have noticed my claim that I would never personally do this on any of *my* systems, but it sounds appropriate for this guy's usage. He has a boss that a) probably can't be trusted not to screw stuff up, since b) he keeps changing the root password and forgetting it. If he has root, he can just as easily "rm -rf /" (note that your command wouldn't do much damage) and kill systems. -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
