Re: sudoer security problem on server
* zhang zhengquan <email@example.com> [2009 Mar 28 19:27 -0500]:
> I wonder if a sysadmin should keep the root privilege safe and not
> give sudo to anybody anybody else. and if there is more secure ways of
> enabling root privilege to normal users?
I'm no security or sudo expert, but it seems to me that the devs should
only have access to the commands they need. For example if they need
to install to /usr/local/ using `make install' you can enable that
specific command. For example I did that for myself (single user box)
so that I could run `sudo make install|uninstall' without having to
enter my password:
%USER HOSTNAME=NOPASSWD: /usr/bin/make
I replace USER and HOSTNAME with my local values. The sudoers man page
is quite extensive as well.
- Nate >>
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Ham radio, Linux, bikes, and more: http://n0nb.us/index.html