for everyone whose sick of sudo read this

Stephen R Laniel steve at laniels.org
Wed Jun 29 22:43:08 UTC 2005


On Thu, Jun 30, 2005 at 10:33:48AM +1200, Stephen Ward wrote:
> Yes that is true, unfortunately as was proved in this case, should != do

I'm curious how it happened, actually, because it's quite
hard to edit the sudoers file without going through a lot of
effort. Even if you do

sudo vim /etc/sudoers

it won't work, because the permissions on that file are

-r--r-----  1 root root 376 2004-12-16 16:40 /etc/sudoers

So if you want to edit it without using visudo, you have to
do

sudo chmod a+w /etc/sudoers

(or something similar) then do

sudo vim /etc/sudoers

I wonder if there's any way to make it impossible to touch
/etc/sudoers without visudo. Or at least make it even more
difficult -- something like tweaking /etc/vim/vimrc to
disallow editing unless some condition is met. Of course
we'd have to do the same for emacs and pico and nano ... and
'cat', for that matter, and 'echo' ... and anything else
that could possibly have an effect on /etc/sudoers.
::snicker:: But still, something to lessen the likelihood of
major damage would be nice.

-- 
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050629/63266584/attachment.pgp>


More information about the ubuntu-users mailing list