for everyone whose sick of sudo read this
Stephen Ward
s.ward at auckland.ac.nz
Wed Jun 29 23:04:31 UTC 2005
vi /etc/sudoers
<edit file>
:w!
Done.
This is a dangerous road to go down. One major advantage of linux is
that I can change it. Sure you want to make it hard but windoze tries
to make it hard by simply not allowing you to do stuff manually - so you
have to jump through hoops to change stuff.
Basically, if you have permission to become root you should know what
you are doing so you should have full access. The control is to not
allow people to become root if they can't be trusted.
Stephen R Laniel wrote:
>On Thu, Jun 30, 2005 at 10:33:48AM +1200, Stephen Ward wrote:
>
>
>>Yes that is true, unfortunately as was proved in this case, should != do
>>
>>
>
>I'm curious how it happened, actually, because it's quite
>hard to edit the sudoers file without going through a lot of
>effort. Even if you do
>
>sudo vim /etc/sudoers
>
>it won't work, because the permissions on that file are
>
>-r--r----- 1 root root 376 2004-12-16 16:40 /etc/sudoers
>
>So if you want to edit it without using visudo, you have to
>do
>
>sudo chmod a+w /etc/sudoers
>
>(or something similar) then do
>
>sudo vim /etc/sudoers
>
>I wonder if there's any way to make it impossible to touch
>/etc/sudoers without visudo. Or at least make it even more
>difficult -- something like tweaking /etc/vim/vimrc to
>disallow editing unless some condition is met. Of course
>we'd have to do the same for emacs and pico and nano ... and
>'cat', for that matter, and 'echo' ... and anything else
>that could possibly have an effect on /etc/sudoers.
>::snicker:: But still, something to lessen the likelihood of
>major damage would be nice.
>
>
>
More information about the ubuntu-users
mailing list