On 06/14/2013 01:04 PM, Matthew Miller wrote:
Oh no. Start with 'sudo bash' or 'sudo su'. People do this all the time. Then `unset HISTFILE`. Then do the above not with sudo. But this is very off-topic.
It is and it isn't. If nothing else, it makes it clear just how easy it is to gain un-logged root access if you have unrestricted access to sudo, even for a short time. If you're going to add any of your users to sudoers, think carefully about just what access they need, and don't give anybody more than you have to. And, don't add them to wheel unless you'd be willing to give them the root password, because with wheel having unlimited sudo rights, there's no practical difference (except for logging) that I can see.
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
