sudo and /etc/sudoers

Smoot Carl-Mitchell smoot at
Sun Dec 28 00:18:48 UTC 2008

On Sun, 2008-12-28 at 10:01 +1000, Res wrote:
> On Sat, 27 Dec 2008, Smoot Carl-Mitchell wrote:
> > a bit dangerous.  Wait until you do something like this inadvertently:
> >
> > 1) Open a root shell with sudo -i
> > 2) cd to / for some reason
> > 3) Work in your regular shell and discover some directory you want to
> > delete all the files in a protected directory
> > 4) Switch to the root shell and run "rm -rf *" thinking you are in the
> > correct directory.  Oops.....
> thats just FUD, if you dont know what your doing or dont trust 
> yourself, you should never have root access in the first place.

It is not FUD.  I have seen experienced sysadmins make these kinds of
mistakes.  It happens.  sudo helps with these kinds of errors. It is by
no means perfect, but it does help.

> > I am not sure what you mean by "caching".  sudo does not cache anything.
> eerrrr sudo caches auth timestamp as you mentioned, its a security risk if
> you close the window, and someone opens it up when you go for a coffee 
> and types sudo -i and has a root on your box, no passwd required, sure 
> youd have to be unlucky, but it by default exists, at elast when I logout, 
> no one gets root axs here.

Same as leaving a root shell window open which is what you end up doing
when you get tired of typing passwords.  sudo at least times out after 5
minutes (the default).  A root shell left open does not timeout unless
you set the logout timer.
Smoot Carl-Mitchell
System/Network Architect
smoot at
+1 480 922 7313
cell: +1 602 421 9005

More information about the ubuntu-users mailing list