Ulimately, though, <someaccount> has to be able to perform somecommand>, and that account is a risk, no matter how you slice it.
Bill Moseley wrote:
On Mon, Mar 15, 2004 at 11:35:42PM +0000, Clive Menzies wrote:
I use sudo for all my machines (servers and workstation) with full root privileges. You can restrict what sudoers can do if you're concerned about someone gaining access to your user account (man sudo).
So in that case you still need to su root for some tasks.
I think the main benefit is that you can't do something dangerous as root, should you forget to revert to your user account. With sudo you have to consciously sudo each command.
Do you feel like your own account has too many privileges?
You see where I'm coming from -- if I give myself enough access via sudo to do normal stuff I'd need root for, then it's somewhat like having root all the time. Well, I guess it's more likely to type rm -rf / than sudo rm -rf / by mistake. I guess the key is to really limit what I can do with sudo.
I'm changing my question, though. Let's put it this way -- say you bought a machine and rack space from a provider and they only give you sudo access to commands. Could you effectively manage the machine? And if so would that mean then that your normal account had too much privilege?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
