[OT] sudo, why not su?

Colin Watson cjwatson at ubuntu.com
Wed Aug 10 10:38:14 UTC 2005


On Wed, Aug 10, 2005 at 07:55:38AM +0100, Magnus Therning wrote:
> If you want to make it possible for everyone in the adm group to run all
> commands you can add the following line:
> 
>  %adm ALL=(ALL) ALL

Please, please don't do this. The adm group is only intended for reading
files in /var/log (as /usr/share/doc/base-passwd/users-and-groups.txt.gz
says); it's supposed to be safe to add users to the adm group in the
knowledge that all they can do with it is read some log files. It will
be horrible if people start using it for root-equivalence instead.

We use the admin group for sudo instead.

Cheers,

-- 
Colin Watson                                       [cjwatson at ubuntu.com]




More information about the ubuntu-users mailing list