sudo and /etc/sudoers
Smoot Carl-Mitchell
smoot at tic.com
Sun Dec 28 00:18:48 UTC 2008

On Sun, 2008-12-28 at 10:01 +1000, Res wrote:
> On Sat, 27 Dec 2008, Smoot Carl-Mitchell wrote:
>
> > a bit dangerous. Wait until you do something like this inadvertently:
> >
> > 1) Open a root shell with sudo -i
> > 2) cd to / for some reason
> > 3) Work in your regular shell and discover some directory you want to
> > delete all the files in a protected directory
> > 4) Switch to the root shell and run "rm -rf *" thinking you are in the
> > correct directory. Oops.....
>
> that's just FUD, if you don't know what you're doing or don't trust
> yourself, you should never have root access in the first place.

It is not FUD. I have seen experienced sysadmins make these kinds of
mistakes. It happens. sudo helps with these kinds of errors. It is by
no means perfect, but it does help.

> > I am not sure what you mean by "caching". sudo does not cache anything.
>
> eerrrr sudo caches auth timestamp as you mentioned, it's a security risk if
> you close the window, and someone opens it up when you go for a coffee
> and types sudo -i and has a root on your box, no passwd required, sure
> you'd have to be unlucky, but it by default exists, at least when I logout,
> no one gets root access here.

Same as leaving a root shell window open which is what you end up doing
when you get tired of typing passwords. sudo at least times out after 5
minutes (the default). A root shell left open does not time out unless
you set the logout timer.
--
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
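
The timestamp lifetime argued about in this thread is set by the sudoers `timestamp_timeout` option. The following is an added example, not part of the original message: a small shell audit that reports which global value a sudoers text sets. The function names and the sample input are constructed for illustration, and per-user/host `Defaults` and included files are not followed.

```shell
#!/bin/sh
# Added example (not from the thread): report the global timestamp_timeout
# that a sudoers text sets. Per-user/host Defaults and include files are
# deliberately ignored to keep the parser small.

effective_timestamp_timeout() {
    # stdin: sudoers text; stdout: last global value, or "unset"
    awk '
        /^[ \t]*#/ { next }                 # comments and #include lines
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    val = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", val)
                    sub(/[ \t]+$/, "", val)
                }
        }
        END { print (val == "" ? "unset" : val) }
    '
}

classify_timeout() {
    # sudoers semantics: 0 always prompts, a negative value never expires
    case "$1" in
        unset) echo "compiled-in default applies" ;;
        0|0.0) echo "password required on every sudo" ;;
        -*)    echo "timestamp never expires" ;;
        *)     echo "credentials reused for $1 minute(s)" ;;
    esac
}

# Constructed sample input, not a real system's sudoers file.
sample='Defaults env_reset
Defaults mail_badpass, timestamp_timeout=0
Defaults:alice timestamp_timeout=30'

value=$(printf '%s\n' "$sample" | effective_timestamp_timeout)
echo "timestamp_timeout: $value ($(classify_timeout "$value"))"
```

On a live system the function would read the output of `sudo cat /etc/sudoers`; `sudo -k` invalidates the current timestamp before stepping away from a terminal.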