sudo and /etc/sudoers
jdow at earthlink.net
Tue Dec 30 02:47:04 UTC 2008
From: "NoOp" <glgxg at sbcglobal.net>
Sent: Monday, 2008, December 29 18:02
> On 12/29/2008 05:45 PM, Res wrote:
>> On Mon, 29 Dec 2008, Derek Broughton wrote:
>>> LOL. What a ridiculous attitude from somebody who claims to be an
>>> _Somebody_ has to run root programs, and ime it is both possible and
>> there is asuch a thing called automation, maybe use dictionary.com if you
>> dont know what it means.
>>> large server systems, I am one of the two prime administrators - neither
>>> of us actually has the root password, which _does_ exist but only the
>>> daytime computer room operator has. Works fine.
>> Then you cant be trusted enough, so the daytime guy gets killed in a car
>> accident or is dismissed, someone else needs to know it, especially in
>> later case to change it.
> Reminds me of the recent Terry Childs case/issue w/San Francisco:
> I can only hope that Derek's company has the root password locked up
> someplace that can be accessed in the event the daytime guy goes missing.
In most cases if there is private unmonitored physical access to the
machine you can figure that security is nil. You reboot the machine
with substitute media of some sort and walk through the password reset
drill. I've done that several times. It's WAY easier than opening a
GSA safe after forgetting the password and not having it written down
because the last time the guy set it he screwed up.
More information about the ubuntu-users