On 14.06.2013 20:51, Steven Stern wrote:
> On 06/14/2013 01:43 PM, Matthew Miller wrote:
>> On Fri, Jun 14, 2013 at 01:04:13PM -0400, Doug wrote:
>>>>>>> ## Allows people in group wheel to run all commands
>>>>>>> %wheel ALL=(ALL) ALL
>>>>> This line *IS* uncommented by default.
>>>> Hmmm... Maybe it's been so long since I've had to do it. In any case,
>>>> it was commented on the two CentOS 6 systems I just set up.
>>> In my sudoers, that line is commented out, and should be. You don't
>>> want everybody and his brother to have sudo privileges.
>>
>> "Everybody and his brother" should not be in the wheel group. "Wheel" is the
>> group for people with administrative privileges on the system.
>>
> OK, let's now have some fun....
>
> sudo cp /bin/bash /bin/mylocalshell
> sudo mylocalshell
>
> I know this is preventable, but it's something to think about. No one
> should have sudo who you would not trust with root itself. sudo just
> adds a layer of accountability

and that is why you can restrict sudo to a limited set of commands,
while putting somebody in the wheel group is the same as giving him the
root-pwd, except for logging, which can also be tricked with root perms
as long as syslog is not pushing to a network machine
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
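
Added example, not part of the original thread: a small Python audit that separates sudoers grants restricted to named commands from grants that amount to root, including `ALL` with `!` exclusions, which the copied-shell commands quoted above would get past. The sample sudoers text, the user and group names other than `%wheel`, and the function name `audit_sudoers` are constructed for illustration.

```python
import re

# Constructed sample sudoers content, not taken from any real system.
SAMPLE_SUDOERS = """\
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
# %sys ALL = NETWORKING
%webadmins ALL=(root) /usr/bin/systemctl restart httpd, /usr/bin/systemctl status httpd
alice ALL=(ALL) NOPASSWD: ALL
bob ALL=(root) ALL, !/bin/bash, !/bin/su
carol ALL=(www) ALL
"""

# user spec: who  host = (runas) commands
RULE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...
SKIP = ("#", "Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def audit_sudoers(text):
    """Return (line number, who, verdict) for each root-equivalent grant.

    Simplified: aliases are not expanded, include directives are not
    followed, and line continuations are not joined.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, _host, runas, cmdspec = m.groups()
        # No runas list means root; only root/ALL targets matter here.
        runas_users = (runas or "root").split(":")[0].split(",")
        if not any(u.strip() in ("root", "ALL") for u in runas_users):
            continue
        cmds = [TAGS.sub("", c.strip()) for c in cmdspec.split(",")]
        if "ALL" not in cmds:
            continue  # explicit command list: the restricted form
        if any(c.startswith("!") for c in cmds):
            # Exclusions match by path name, so a copy under another name runs.
            findings.append((lineno, who, "ALL with exclusions"))
        else:
            findings.append((lineno, who, "unrestricted"))
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```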