sudo and /etc/sudoers
Derek Broughton
derek at pointerstop.ca
Mon Dec 29 15:21:59 UTC 2008
Karl F. Larsen wrote:
> Matthew Flaschen wrote:
>>
>> Keep in mind that /etc/sudoers does more than just say, "Johnny can have
>> root but Billy can't". It provides very fine granularity (which users
>> and/or groups, which executables, which password to ask, etc.).
>> Designing a better file format would be possible but non-trivial.
> Yes and it is seldom used.
Once again, you make a statement without the slightest clue how true it is.
/etc/sudoers is used often. I have a mere two-user system, and I have all
kinds of rules. Commands that I can run without a password; a few commands
that my other user can run _with_ a password; commands that I or the other
user can run from other systems; even fewer commands that absolutely anybody
can run.
> With a lot of thought, if I was running a
> Unix computer with many users I would disable sudo, get me a root
> password, and handle the users with which groups they belong to. Limit
> the amount of space each can use, and things like that.
What would sudo have to do with quotas? The very last thing I'm _ever_
doing on any *nix system is giving out the root password to anybody. A
shared secret, isn't. If you're running such a system with many users, you
are either going to have to share that root password, or _you_ will be
always on-call.
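
As an added illustration, not taken from either poster's system: a sudoers fragment with the four kinds of rule described in the reply above (no password, password required, per-host, and any user). All user names, group names, host names and command paths are hypothetical.

```sudoers
# Constructed example. alice, bob, desktop, laptop and the command
# paths are placeholders, not values from the thread.
# Syntax-check before installing:  visudo -cf /etc/sudoers.d/local

# Name the hosts and command sets once, then refer to them in rules.
Host_Alias  LAN      = desktop, laptop
Cmnd_Alias  PKG      = /usr/bin/apt-get update, /usr/bin/apt-get upgrade
Cmnd_Alias  PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias  POWER    = /sbin/shutdown, /sbin/reboot
Cmnd_Alias  MEDIA    = /bin/mount /media/cdrom, /bin/umount /media/cdrom

# Rule format:  who  where = (run-as user) [tag:] commands
# The "where" field is matched against the host sudo is running on,
# so one file can be shared across several machines.

# 1. One user, no password prompt, package maintenance only.
alice       desktop = (root) NOPASSWD: PKG

# 2. The other user, a few commands, password required.
#    PASSWD is the default; it is written out here for contrast.
bob         desktop = (root) PASSWD: PRINTING

# 3. Either user, on any host in the LAN alias.
alice, bob  LAN     = (root) POWER

# 4. Any user at all, a fixed command line only. Because the arguments
#    are listed, "mount" with any other arguments is not permitted.
ALL         ALL     = (root) NOPASSWD: MEDIA

# A group (leading %) can stand in for a user list.
%operators  LAN     = (root) PRINTING
```

When several rules match the same user, host and command, sudo applies the last matching one, so the order of the entries matters.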
More information about the ubuntu-users
mailing list