[NTLUG:Discuss] visudo/sudoers question
Robert Citek
robert.citek at gmail.com
Sat Mar 24 18:21:50 CDT 2007
Or if you use groups, you simply have to remove them from the group.
For example, on my Ubuntu machine, part of my /etc/sudoers looks like this:
%admin ALL=(ALL) ALL
All folks in the admin group (/etc/group) can admin the machine. No
need to modify /etc/sodoers.
As for Tom's question, anyone knowing root's password can become root by
using "su", regardless of the configuration of /etc/sudoer, at least
under Linux. YMMV, if using BSD.
Regards,
- Robert
Victor Brilon wrote:
> The idea behind sudo is that you set up users to execute commands as
> the root user by using *their own* password. Thus you don't have to
> give out the root password to them, nor have to change it when one of
> them leaves your system (job/school/whatever) -- you just remove them
> from the sudoers file.
>
> Victor
>
> On Mar 24, 2007, at 6:41 PM, Tom Hayden wrote:
>
>> I am trying to set up the sudoer file on my linux system so that any
>> user in the "sudo" group can sudo any command, but have to enter the
>> root pass word first. According to the man pages the following
>> should work:
>>
>> User_Alias SUDO = %sudo
>>
>> SUDO ALL=PASSWD:ALL
>>
>> However, when I do this, any user in the "sudo" group can sudo any
>> command with out the root pass word. Does any one have any
>> suggestions?
>>
>> --
>> Tom Hayden III
>>
>> Coherent solutions for chaotic situations
>>
>> tom.hayden.iii at mail.airmail.net
>> 214-435-4174
>>
>> 2636 Verandah Ln.
>> Apartment 1431
>> Arlington Texas, 76006
>>
>>
>> _______________________________________________
>> http://www.ntlug.org/mailman/listinfo/discuss
>
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list