The reason is that no matter how smart you think you are, some smarty pants always finds a way to abuse the root privileges they have been granted, possibly by exploiting a design flaw in the program they've been allowed to run as root.
For example, I am pretty sure that psql can be used to write files with arbitrary content (use your imagination with \copy ... or \echo ...). I am pretty sure that as root you could overwrite /usr/bin/psql with another file of the same name that actually execs /bin/bash if invoked with a suitable command line option, but otherwise behaves just like /usr/bin/psql ...
If you don't believe me try this:
sudo psql <whatever ...>
dbname=> \pset tuples_only
dbname=> \o |/bin/bash
dbname=> select 'id';
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

There are many more sophisticated examples. The only solution is not to grant sudo to anyone you wouldn't grant root to.
Cheers,
Robin
On Wed, 2012-03-14 at 12:24 -0400, Kris Deugau wrote:
Scott Ribe wrote:
> On Mar 14, 2012, at 9:01 AM, David Ondrejik wrote:
>
>> In Linux you can set up and use the "sudo" option. For those whom you don't wish to have root access, simply make them sudo users, then change the root password. This will force those users to simply type "sudo" (w/o quotes) at the beginning of each command they want to run (i.e. sudo psql db_name "insert into....").
>
> Sure, you mean like this command:
>
> sudo su root

If properly (mis)configured.

On the other hand, you can provide very limited root access on a command-by-command and user-by-user basis with more complex sudo configurations, and while the first request will ask for a password, further requests within the configured authorization timeout will still be logged even if the user isn't asked for their password.

-kgd
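Kris's point (per-command sudo rules are possible) and Robin's point (a rule for psql as root is a root grant, because psql can pipe output to a shell or write files) can be checked mechanically. The script below is an added audit example written for this page, not code from either poster: it reads sudoers-style rules and flags entries that hand a shell-capable program to root, or that grant ALL outright. The sudoers text and the user names are constructed for the example, and the list of shell-capable programs is illustrative (psql via \o |cmd and \copy to file, vi/vim via :!, less/more via !), not exhaustive.

```shell
#!/bin/sh
# Added example: audit sudoers rules for grants that amount to full root.
# Not from the mailing-list thread; the sample rules below are constructed.

SUDOERS_SAMPLE='# constructed sample sudoers
alice   ALL=(root) /usr/bin/psql
bob     ALL=(ALL) ALL
carol   ALL=(postgres) NOEXEC: /usr/bin/psql
dave    ALL=(root) NOPASSWD: /usr/sbin/service postgresql restart
eve     ALL=(root) /usr/bin/vim'

# Illustrative list of programs with shell escapes or arbitrary file writes.
SHELL_CAPABLE='psql vim vi less more'

# audit_sudoers TEXT: prints one "SEVERITY user: reason" line per risky rule.
audit_sudoers() {
    printf '%s\n' "$1" | awk -v progs="$SHELL_CAPABLE" '
    BEGIN { n = split(progs, p, " "); for (i = 1; i <= n; i++) risky[p[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }   # skip comments, blanks, Defaults
    {
        user = $1
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)          # drop "user host=" prefix
        runas = "root"                          # sudo default when no (runas) list is given
        if (match(spec, /^\([^)]*\)/)) {
            runas = substr(spec, 2, RLENGTH - 2)
            spec = substr(spec, RLENGTH + 1)
        }
        sub(/^[ \t]+/, "", spec)
        noexec = 0
        while (match(spec, /^[A-Z]+:[ \t]*/)) { # strip tags such as NOPASSWD:, NOEXEC:
            if (substr(spec, 1, 6) == "NOEXEC") noexec = 1
            spec = substr(spec, RLENGTH + 1)
        }
        cmd = spec; sub(/[ \t].*/, "", cmd)     # first word is the command
        base = cmd; sub(/.*\//, "", base)       # basename for the lookup
        as_root = (runas == "root" || runas == "ALL" || runas ~ /(^|,)[ \t]*root([ \t]*,|$)/)
        if (cmd == "ALL") {
            printf "HIGH %s: ALL as (%s) is simply root\n", user, runas
        } else if (base in risky) {
            note = noexec ? " [NOEXEC blocks exec, not file writes]" : ""
            printf "%s %s: %s as (%s) has shell escapes or file writes%s\n",
                   (as_root ? "HIGH" : "MEDIUM"), user, base, runas, note
        }
    }'
}

# count_findings SEVERITY TEXT: echoes how many findings of that severity exist.
count_findings() {
    audit_sudoers "$2" | grep -c "^$1 " || true
}

audit_sudoers "$SUDOERS_SAMPLE"
```

On the constructed sample this reports alice, bob and eve as HIGH (root via psql, ALL, and vim) and carol as MEDIUM; dave's service restart is not flagged. The NOEXEC tag is a real sudoers feature that stops the command from executing further programs (it works by library preloading, so it does not cover statically linked binaries), but it does nothing about psql writing files, which is why the thread's advice stands: grant sudo for such commands only to people you would give root to, or run them as the database account rather than root.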