In <857394.80354...@web23608.mail.ird.yahoo.com>, Glyn Astill wrote:
>--- On Fri, 22/5/09, Boyd Stephen Smith Jr. <b...@iguanasuicide.net> wrote:
>> It's not equivalent to running as root, since (a) you have to prefix
>> privileged operations with "sudo", (b) you have to re-auth such actions by
>> entering your password and (c) your sudo credentials will timeout
>> automatically after they are not used.
>
>Errr, yeah whatever.... Until they just do "sudo su" and they're in.
> ALL=(All) ALL is a bad idea.

Um, no. With 'ALL=(ALL) ALL' they would still have to type in their password unless they had recently given their credentials. If you want to you can turn off the caching of credentials, so that sudo always asks for a password. You can also have it ask for the target user's password instead of the source user's password, if you like.

'ALL=(ALL) ALL' is no more dangerous than having the 'su' binary available. The NOPASSWD option is not the default.

-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
b...@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
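
An added example, not part of the message above or of sudo itself: a small audit of sudoers text for the settings the reply refers to. It assumes the sudoers options `timestamp_timeout` (credential caching; 0 means always prompt) and `targetpw` (prompt for the target user's password), and it flags rules carrying the `NOPASSWD` tag. The sample content and the function name `audit_sudoers` are constructed for illustration.

```python
import re

# Constructed sample sudoers content for illustration (not from the thread).
SAMPLE = """\
Defaults    env_reset
Defaults    timestamp_timeout=0
%admin      ALL=(ALL) ALL
backup      ALL=(root) NOPASSWD: /usr/bin/rsync
deploy      ALL=(ALL) NOPASSWD: ALL
"""


def audit_sudoers(text):
    """Return (settings, findings) for sudoers text.

    settings: global Defaults that affect password prompting
              (timestamp_timeout of None means the built-in default applies).
    findings: (line_number, kind) for every rule carrying NOPASSWD.
    Simplifications: no #include handling, line continuations or aliases.
    """
    settings = {"timestamp_timeout": None, "targetpw": False}
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].startswith("Defaults"):
            # Only unscoped "Defaults" lines change the global behaviour.
            if parts[0] == "Defaults" and len(parts) == 2:
                for opt in (o.strip() for o in parts[1].split(",")):
                    m = re.fullmatch(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)", opt)
                    if m:
                        settings["timestamp_timeout"] = float(m.group(1))
                    elif opt in ("targetpw", "!targetpw"):
                        settings["targetpw"] = not opt.startswith("!")
            continue
        m = re.search(r"NOPASSWD:\s*(.+)$", line)
        if m:
            cmds = [c.strip() for c in m.group(1).split(",")]
            kind = "nopasswd-all" if "ALL" in cmds else "nopasswd-limited"
            findings.append((lineno, kind))
    return settings, findings


if __name__ == "__main__":
    settings, findings = audit_sudoers(SAMPLE)
    print("always prompts:", settings["timestamp_timeout"] == 0)
    print("asks for target user's password:", settings["targetpw"])
    for lineno, kind in findings:
        print(f"line {lineno}: {kind}")
```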