Security Basics: Re: SUDO vs root account question

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: SUDO vs root account question

From: "Joe Polk" <listuser () javelinux com>
Date: Wed, 23 Mar 2005 14:27:21 -0400

Hi all,
I have two quick questions related to the 'sudo' command;
putting a certain user Mr.X with ALL=(ALL)ALL permissions in the
sudoers file, gives him COMPLETE root previleges? In other words, if 
I want that some people, for security reasons, stop using the root 
account/password for accessing the servers, by crating a sudo user 
with ALL previledges will decrease this risk? If this sudo account 
 is compromised, will the cracker have COMPLETE root previleges?


Think of SUDO and "DO" this as "SU."  If I hack a user account with full sudo
access, I can make myself root.

--
<<JAV>>

By Date By Thread

Current thread:

SUDO vs root account question Tahis Vera (Mar 23)
- Re: SUDO vs root account question Joe Polk (Mar 23)
- Re: SUDO vs root account question Louis Lerman (Mar 23)
- Re: SUDO vs root account question Jacob Bresciani (Mar 23)
- Re: SUDO vs root account question xyberpix (Mar 23)
- Re: SUDO vs root account question RichardR (Mar 23)
- Re: SUDO vs root account question Ian (Mar 23)