Security Basics mailing list archives
Re: SUDO vs root account question
From: Jacob Bresciani <jacob () bresciani ca>
Date: Wed, 23 Mar 2005 13:21:27 -0800
answers below On Wed, 2005-03-23 at 10:47 +0200, Tahis Vera wrote:
Hi all, I have two quick questions related to the 'sudo' command; putting a certain user Mr.X with ALL=(ALL)ALL permissions in the sudoers file, gives him COMPLETE root previleges? In other words, if I want that some people, for security reasons, stop using the root account/password for accessing the servers, by crating a sudo user with ALL previledges will decrease this risk? If this sudo account is compromised, will the cracker have COMPLETE root previleges?
yes, try running `sudo su -` Read through the man page to lead how to secure this as much as possible. It would also be better (in my mind) if there was no "group" user account. Give the users access as required on a per user basis. Every time sudo is run it gets logged telling me who did what using sudo and failed attempts to run sudo logged and e-mailed to root (aliased to me).
The other questions is how to set the time (in sudoers file) for the user to work with sudo, without having to write the password (let's say that I want to work for 20 minutes without having to write the password again)
according to the sudoers man page (on my amd64 debian system) timestamp_timeout Number of minutes that can elapse before sudo will ask for a passwd again. The default is 15. Set this to 0 to always prompt for a password. If set to a value less than 0 the user's times- tamp will never expire. This can be used to allow users to create or delete their own timestamps via sudo -v and sudo -k respec- tively
regards Tahis
-- Jacob Bresciani Etraffic Solutions Systems / Network Administrator BUS (250) 658-8238 ex 39 FAX (250) 658-5936
Current thread:
- SUDO vs root account question Tahis Vera (Mar 23)
- Re: SUDO vs root account question Joe Polk (Mar 23)
- Re: SUDO vs root account question Louis Lerman (Mar 23)
- Re: SUDO vs root account question Jacob Bresciani (Mar 23)
- Re: SUDO vs root account question xyberpix (Mar 23)
- Re: SUDO vs root account question RichardR (Mar 23)
- Re: SUDO vs root account question Ian (Mar 23)
- Re: SUDO vs root account question Ian (Mar 23)
- Re: SUDO vs root account question Vladamir (Mar 23)
- Re: SUDO vs root account question Teresa Hasheminejad (Mar 24)
- Re: SUDO vs root account question Blaine Lefler (Mar 24)