sudo and /etc/sudoers
Derek Broughton
derek at pointerstop.ca
Mon Dec 29 23:27:42 UTC 2008
jdow wrote:
> From: "Derek Broughton" <derek at pointerstop.ca>
>> _Somebody_ has to run root programs, and ime it is both possible and
>> advisable to have it not be somebody who is logged in as root. On one of
>> my
>> large server systems, I am one of the two prime administrators - neither
>> one
>> of us actually has the root password, which _does_ exist but only the
>> daytime computer room operator has. Works fine.
>
> I'd feel safer with that sort of configuration if the sudo program had
> an option to use a second password list that had a second unique
> encrypted password for each of the sudoers. Then if your password is
> cracked the person still can't get at sufficient root level tools to
It would be pretty pointless, for the same reason that we don't want to be
handing out the root password to everybody - _some_ (probably most) of your
users would just set the password to be the same as their user password. If
you did anything to prevent that, they'd either set it to the closest
possible permutation of their user password, or write it down.
More information about the ubuntu-users
mailing list