| View previous topic :: View next topic |
| Author |
Message |
swingarm
l33t
Joined: 08 Jun 2002
Posts: 627
Location: Northern Colorado
|
 Posted: Wed Dec 25, 2002 8:22 pm Post subject: Sudo security question.. |
 |
|
| I'm using Gentoo 1.4rc1 and Blackbox. My question is in the way I use sudo. I setup my sudo conf file to let all the users in the wheel group to run all commands without a password. So I can do 'sudo endeavour2' without worrying about permissions when I'm copying, moving,...etc. I was wondering if by using sudo this way is it just the same as logging in as root therefore nullifying the reason for having a user in the first place? I'm asking this because I frankly don't know. Couldn't someone conceivably break into my computer and get permission to do anything just by typing 'sudo XXX'? I just need someone with more experience in this to chime in. |
|
| Back to top |
|
 |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20113
|
| Posted: Wed Dec 25, 2002 8:33 pm Post subject: |
|
|
Moved from Chat.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
delta407
Bodhisattva
Joined: 23 Apr 2002
Posts: 2876
Location: Chicago, IL
|
| Posted: Wed Dec 25, 2002 8:43 pm Post subject: Re: Sudo security question.. |
|
|
| swingarm wrote: | | I was wondering if by using sudo this way is it just the same as logging in as root therefore nullifying the reason for having a user in the first place? |
Yes, in that one particular program is running as root and (if compromised) would give total control over your machine; but no, in that not all of the programs are running as root. It's more secure than logging in as root, but less secure than carefully setting permissions so root needn't be used.
| swingarm wrote: | | Couldn't someone conceivably break into my computer and get permission to do anything just by typing 'sudo XXX'? |
Yes.
_________________
I don't believe in witty sigs. |
|
| Back to top |
|
|
|
Networking & Security
