Re: sudo su gives root without prompting for a password
> On Sun, 2003-12-07 at 19:33, Stephen Touset wrote:
<snip>
> My suggestion? If being able to use "su" without a password gives you
> the heebie-jeebies (as well it should), then be far more restrictive in
> what you allow in /etc/sudoers. After all, if you're just going to allow
> complete access with "sudo", you might as well just use "su".
Well, that's my problem: i don't know how i could tighten this some more
My /etc/sudoers file looks like this:
root ALL=(ALL)ALL
benedict ALL= NOPASSWD: /usr/bin/find, /bin/cpio,
/home/benedict/scripts/backup, /bin/echo, PASSWD: ALL
For my regular user only the commands find, cpio, backip and echo are
allowed without a password. To execute the other commands a password is
needed.
The only way i can see right now to tighten this is to remove the (ALL)ALL
from root and specify what commands can be run there.
Or am i seeing this wrong? I have to admit i'm confused about this.
Sudo seems to give easier access to root as opposed to when i didn't have
it installed and used su to become root to install/manage things.
Any suggestions or references to docs showing how to tighten things up
with sudo are welcome.
Thanks,
Benedict
Reply to: