Re: What can't sudo do?

From: Clive Menzies (clive_at_clivemenzies.co.uk)
Date: 03/16/04

  • Next message: Rajesh Menon: "invoke-rc.d: initscript apache, action "start" failed."
    Date: Tue, 16 Mar 2004 01:00:18 +0000
    To: debian-user@lists.debian.org
    
    

    On (15/03/04 15:49), Bill Moseley wrote:
    > On Mon, Mar 15, 2004 at 11:35:42PM +0000, Clive Menzies wrote:
    > > I use sudo for all my machines (servers and workstation) with full root
    > > privileges. You can restrict what sudoers can do if you're concerned
    > > about someone gaining access to your user account (man sudo).
    >
    > So in that case you still need to su root for some tasks.
    A few yes but most of the time sudo suffices

    >
    > > I think the main benefit is that you can't do something dangerous as
    > > root, should you forget to revert to your user account. With sudo you
    > > have to consciously sudo each command.
    >
    > Do you feel like your own account has too many privileges?
    No, but relatively few people have access to our network and I'm the
    only one who knows (albeit in a limited way) Linux/Debian.

    > You see where I'm coming from -- if I give myself enough access via sudo
    > to do normal stuff I'd need root for, then it's somewhat like having root
    > all the time. Well, I guess it's more likely to type rm -rf / than sudo
    > rm -rf / by mistake. I guess the key is to really limit what I can do
    > with sudo.
    That is a fairly difficult mistake to make but I'm sure that there are
    less obvious ways to inadvertantly screw something with root privileges

    > I'm changing my question, though. Let's put it this way -- say you
    > bought a machine and rack space from a provider and they only give you
    > sudo access to commands. Could you effectively manage the machine? And
    > if so would that mean then that your normal account had too much
    > privilege?
    If it is your machine, why would they need to restrict you in that way?
    It would suggest that your sudoer privileges would be restricted in some
    way ... it would depend on what those restrictions are.

    I'm getting out of my (shallow) depth here ;)

    Regards

    Clive

    -- 
    http://www.clivemenzies.co.uk
    strategies for business
    -- 
    To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
    

  • Next message: Rajesh Menon: "invoke-rc.d: initscript apache, action "start" failed."

    Relevant Pages

    • Re: user(s) question
      ... has su privileges. ... only sudo works. ... member of the admin group and can use sudo to gain root privilege. ... check if you can use sudo from that new account. ...
      (Ubuntu)
    • Re: Best solution for silly error?
      ... Initially I ran with one user, with admin privileges etc. ... ROOT. ... With Ubuntu, 'root' does not have a password ... Instead one *has* to use sudo. ...
      (Ubuntu)
    • Re: Best solution for silly error?
      ... Initially I ran with one user, with admin privileges etc. ... ROOT. ... Instead one *has* to use sudo. ... I believe MacOSX works much like Ubuntu, with the first user created given ...
      (Ubuntu)
    • Re: root group in solaris
      ... someone with sudo rights to ALL like this can easily get ... This will let anyone in the 'wheel' group to have 'root' sudo ... system if you want them to have those privileges. ...
      (Focus-SUN)
    • Re: user(s) question
      ... check if you can use sudo from that new account. ... NK> More precisely sudo privileges because the root account is locked ...
      (Ubuntu)