On 6/19/19 12:06 AM, Bagas Sanjaya wrote:
Hello all Debian Users, Consider the hypothetical scenario below.I often encountered cases on systems in television stations when they configured sudoers like this snippet below:%remaja ALL=(ALL:ALL) ALLThe rationale for above is most programs on such systems can only be accessed by users which are member of remaja (teens) group via sudo, so their sysadmins giving remaja user group full administrator privileges. Is it dangerous?Regards, Bagas
That is almost as bad as having no security restrictions at all. The correct thing to do would be to set permissions on the programs to allow them to be run by group remaja. I don't say this often. I would immediately fire the person responsible for instituting this policy on a "production" system. (It would be a good policy if the system is intended as an educational environment to allow the teens to ruin things, and learn from experience.) -- Carl Fink carl@finknetwork.com