Yes, if the user has full root access and is compromised, the attacker
will have full root access (the system doesn't know the difference
between people unless you're using BioMetrics :) )
As for allowing a time limit..
IIRC the way to do it is:
timestamp_timeout= <timeout limit>
Tahis Vera wrote:
> Hi all,
> I have two quick questions related to the 'sudo' command;
> putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
> sudoers file, gives him COMPLETE root previleges? In other words, if I
> want that some people, for security reasons, stop using the root
> account/password for accessing the servers, by crating a sudo user
> with ALL previledges will decrease this risk? If this sudo account is
> compromised, will the cracker have COMPLETE root previleges?
> The other questions is how to set the time (in sudoers file) for the
> user to work with sudo, without having to write the password (let's
> say that I want to work for 20 minutes without having to write the
> password again)
>
> regards
>
> Tahis
>
Received on Mar 23 2005
Intro
