SUDO

[hike]

On Mon, Jun 29, 2009 at 3:49 PM, mark <m.roth2006 at rcn.com> wrote:

> hike wrote:
> > On Mon, Jun 29, 2009 at 10:16 AM, Mertens, Bram <mertensb at mazdaeur.com
> >wrote:
> >
> >> I'd like to elaborate on this a bit.
> >>
> >> The intention of sudo is to allow specific users to execute specific
> >> commands while keeping the root account locked down.  In addition sudo
> >> provides a trace of which user executed which command in /var/log/secure
> >> that can be used for auditing.
> >>
> >> The sudoers file should allow as little as possible to as few users as
> >> possible!
> >>
> >> If you allow users to execute sudo su - with or without having to enter
> >> the root password you gain nothing.  While working as root no actions
> >> are logged and all log files can be edited to remove any trace of
> >> "illegal" actions.
> <snip>
> > the op wants to hack the system and gain resources he has no
> authorization
> > for.
>
> Or the managers don't want to share root password, say, with a contractor,
> who
> they've hired as a sysadmin, but will only be there a few months, and they
> don't want to have to change root passwords.
>
>        mark
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


that is a distinction without a difference.

the op wants to hack the system and gain resources he has no authorization
for.