[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo su gives root without prompting for a password



> On Sun, 2003-12-07 at 19:33, Stephen Touset wrote:
<snip>
> My suggestion? If being able to use "su" without a password gives you
> the heebie-jeebies (as well it should), then be far more restrictive in
> what you allow in /etc/sudoers. After all, if you're just going to allow
> complete access with "sudo", you might as well just use "su".

Well, that's my problem: i don't know how i could tighten this some more
My /etc/sudoers file looks like this:
   root ALL=(ALL)ALL
   benedict ALL= NOPASSWD: /usr/bin/find, /bin/cpio,
      /home/benedict/scripts/backup, /bin/echo, PASSWD: ALL

For my regular user only the commands find, cpio, backip and echo are
allowed without a password. To execute the other commands a password is
needed.
The only way i can see right now to tighten this is to remove the (ALL)ALL
from root and specify what commands can be run there.
Or am i seeing this wrong? I have to admit i'm confused about this.
Sudo seems to give easier access to root as opposed to when i didn't have
it installed and used su to become root to install/manage things.

Any suggestions or references to docs showing how to tighten things up
with sudo are welcome.

Thanks,
Benedict



Reply to: