Re: sudo su gives root without prompting for a password
On Mon, Dec 08, 2003 at 01:33:38AM +0100, Benedict Verheyen wrote:
> Hi,
>
> i recently removed the SUID bit from /bin/su.
> The permissions now look like this: -rwxr-x---
> Now i can just type "sudo su" to become root and no password
> is asked. Previously i needed to type the root password
> when using su. As a normal user, i now cannot run su anymore
> which is ok for me.
Actually this behavior sounds just right. When you run things using
sudo its as if you are running them as root and when root uses su s/he
doesn't need a password.
Considering the fact you sudo should ask you for a password after a
timeout (depending on how you set it up) and the fact that you can run
things as root anyway using sudo it doesn't give you any more power
then you had before (except for the timeout on the password with sudo).
> The permissions of sudo are: -rwsr-x---
>
> My /etc/sudoers file looks like this:
> root ALL=(ALL)ALL
> benedict ALL= NOPASSWD: /usr/bin/find, /bin/cpio,
> /home/benedict/scripts/backup, /bin/echo, PASSWD: ALL
>
> The entries with NOPASSWD are because of a backup script.
> So why don't i need to type a password for running "sudo su".
> It just doesn't feel right the way it's now.
>
> Thanks,
> Benedict
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: