sudo and /etc/sudoers

Mark Haney mhaney at ercbroadband.org
Mon Dec 29 13:54:55 UTC 2008 

Karl F. Larsen wrote:
> Matthew Flaschen wrote:
>> Karl F. Larsen wrote:
>>   
>>>     The two Subject things and their man pages are the most obscure 
>>> information I have ever seen on my computer. They do work but in trying 
>>> to explain to myself HOW they work was a thankless job. I have an idea 
>>> how it works but why is it so darn crude? It would seem that someone who 
>>> fully understands the code could write something that makes /etc/sudoers 
>>> much easier to read.
>>>     
>> Keep in mind that /etc/sudoers does more than just say, "Johnny can have
>> root but Billy can't".  It provides very fine granularity (which users
>> and/or groups, which executables, which password to ask, etc.).
>> Designing a better file format would be possible but non-trivial.
>>
>> Matt Flaschen
>>
>>   
>     Yes and it is seldom used.

Really?  And you know this how?  Have you talked to a lot of us that 
does this for a living?  I would NEVER give full root access to a normal 
user unless it's me and my Admin co-workers.  Even then, running 
normally as root is verboten and I use sudo quite often to do things 
quickly without having to log into root.  Although, when testing 
configurations on servers I always keep a root window open (and well 
documented!) in case something goes pear shaped.


  With a lot of thought, if I was running a
> Unix computer with many users I would disable sudo, get me a root 
> password, and handle the users with which groups they belong to. Limit 
> the amount of space each can use, and things like that.
> 

And how exactly would this manage users who need root access to certain 
executables?  That's /the entire point/ of sudo.  No, it won't manage 
users and groups permissions, but it's designed to allow User A in 
Accounting to add a new user account to the accounting server if a new 
person is hired without giving them full root to that server and have 
them much something up.

Please, unless you have any sort of clue about what you're talking 
about, just don't.  I ask nicely.



-- 
Frustra laborant quotquot se calculationibus fatigant pro inventione 
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support

More information about the ubuntu-users mailing list