On Mon, Jun 29, 2009 at 3:49 PM, mark <m.roth2006@xxxxxxx> wrote: > hike wrote: > > On Mon, Jun 29, 2009 at 10:16 AM, Mertens, Bram <mertensb@xxxxxxxxxxxx > >wrote: > > > >> I'd like to elaborate on this a bit. > >> > >> The intention of sudo is to allow specific users to execute specific > >> commands while keeping the root account locked down. In addition sudo > >> provides a trace of which user executed which command in /var/log/secure > >> that can be used for auditing. > >> > >> The sudoers file should allow as little as possible to as few users as > >> possible! > >> > >> If you allow users to execute sudo su - with or without having to enter > >> the root password you gain nothing. While working as root no actions > >> are logged and all log files can be edited to remove any trace of > >> "illegal" actions. > <snip> > > the op wants to hack the system and gain resources he has no > authorization > > for. > > Or the managers don't want to share root password, say, with a contractor, > who > they've hired as a sysadmin, but will only be there a few months, and they > don't want to have to change root passwords. > > mark > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > that is a distinction without a difference. the op wants to hack the system and gain resources he has no authorization for. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list