sudo free-for-all (editing sudoers? man sudoers didn´t help)
Daniel Pittman
daniel at rimspace.net
Fri Dec 8 02:30:41 UTC 2006
anthony baldwin <anthonybaldwin at optonline.net> writes:
> Lord Sauron wrote:
>
>>There is a file called "sudoers" in /etc which you can use to specify
>>which UIDs/GIDs can gain root access.
>
> Okay, I´m not sure what to do to disable access for the other users.
> I read man sudoers, but it seems to tell me how to enable access for
> users, but not disable it.
>
> All I have in sudoers now is:
>
> # User privilege specification
> root ALL=(ALL) ALL
>
> # Members of the admin group may gain root privileges
> %admin ALL=(ALL) ALL
>
>
> But I am the only user in the admin group....So why do my other users
> have access to sudo? They´re not in admin, nor in the sudo group...
Well, they then shouldn't have access via sudo to anything.
Can you log in as 'someotheruser' and run:
id -a
sudo id -a
Let us know what the output is, so we can see what is going on.
> I´m a bit lost. I don´t see where it says that anyone other than root
> and myself (the only member of the admin group) can get sudo, but,
> nonetheless, other users can get sudo...
When you say "get sudo" you do mean "change to another user" rather
than just, say, run the sudo binary and get told they don't have
permissions?
Oh, and I just checked; on 6.10 a new user isn't in admin, and has no
access via sudo to root or any other user.
Regards,
Daniel
--
Digital Infrastructure Solutions -- making IT simple, stable and secure
Phone: 0401 155 707 email: contact at digital-infrastructure.com.au
http://digital-infrastructure.com.au/
More information about the kubuntu-users
mailing list