hike wrote: > On Mon, Jun 29, 2009 at 10:16 AM, Mertens, Bram <mertensb@xxxxxxxxxxxx>wrote: > >> I'd like to elaborate on this a bit. >> >> The intention of sudo is to allow specific users to execute specific >> commands while keeping the root account locked down. In addition sudo >> provides a trace of which user executed which command in /var/log/secure >> that can be used for auditing. >> >> The sudoers file should allow as little as possible to as few users as >> possible! >> >> If you allow users to execute sudo su - with or without having to enter >> the root password you gain nothing. While working as root no actions >> are logged and all log files can be edited to remove any trace of >> "illegal" actions. <snip> > the op wants to hack the system and gain resources he has no authorization > for. Or the managers don't want to share root password, say, with a contractor, who they've hired as a sysadmin, but will only be there a few months, and they don't want to have to change root passwords. mark -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
