Re: Giving full administrator privileges through sudo on production systems


> On Aug 16, 2019, at 6:21 AM, Warren Young <warren@xxxxxxxxxxx> wrote:
> 
> On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme@xxxxxxxxx> wrote:
>> 
>> Based on the above cases, is it OK to give a group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call the customer service number instead of the sysadmin when something breaks?
> 
> sudo is a tool for expressing and enforcing a site’s policies regarding superuser privilege.
> 
> If your sudo configuration expresses and enforces those policies the way you want it to, then the configuration is correct.  If it does not, then fix it.

Incidentally, sudo stands for substitute user do. Meaning: executing something as a different user. I keep repeating it to proficient Linux users who sometimes need my help too; amazingly, they all perceive it as a super user do, not as a substitute user do. Even though “man sudo” says in the first line: - execute a command as another user…

Just mentioning.

Valeri

> sudo doesn’t tell you what your policies should be.
> 
> We can suggest policies to you, but not based only on the information you’ve just given us.  To properly advise you, we’d need to know your threat models, the risk assessments, and more.  In short, we’d have to become your system administrators.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
