| Subject: | Re: SUDO vs root account question |
|---|---|
| Date: | Wed, 23 Mar 2005 21:44:06 +0000 |
Hi Tahis

> putting a certain user Mr.X with ALL=(ALL)ALL permissions in the sudoers file, gives him COMPLETE root privileges? In other words, if I

Of course, this will give your Mr.X the privileges of root, that's why you should use this with care and choose who is authorized to perform as a root-privilege.

> want that some people, for security reasons, stop using the root account/password for accessing the servers, by creating a sudo user with ALL privileges will decrease this risk? If this sudo account is

sudo surely decreases the risk of compromising actions as a root user when someone is connected as a common user.

> compromised, will the cracker have COMPLETE root privileges?

If the sudo is compromised, or even your sudo-commands are compromised, you will of course leave a wide door open for crackers to perform attacks as root. Check that there are no rootkits installed on your system and perform a tripwire check to make sure of the integrity of your system, before publishing sudo commands to users.

> The other question is how to set the time (in sudoers file) for the user to work with sudo, without having to write the password (let's say that I want to work for 20 minutes without having to write the password again)

If we set timestamp_timeout to -1, "Mr.X" will only have to prove that he knows the password once. After that, it will not be forgotten, even if he logs out. But I don't know if we can set a time delay in this field..

#
#Defaults:Mr.X timestamp_timeout=-1
#

Otherwise you have a good tutorial on using sudo here: http://www.aplawrence.com/Basics/sudo.html

Cheers,

--
Richard RANDRIA
CNRS/IN2P3/LPNHE Jussieu - Paris VI
IT Soft/System Engineer Researcher
--
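An added example, not part of the original message: a small Python check over sudoers text that flags the two settings discussed in this thread, an unrestricted `ALL=(ALL) ALL` grant to a non-root user and a negative `timestamp_timeout`. In sudoers(5) `timestamp_timeout` is a number of minutes, so a 20-minute window is `timestamp_timeout=20`. The sample file, the user `alice` and the function name `audit_sudoers` are constructed for illustration.

```python
import re

# Constructed sample sudoers text (not from a real host). "Mr.X" is the user
# named in the thread; "alice" is a made-up user for contrast.
SAMPLE_SUDOERS = """\
Defaults        timestamp_timeout=5
Defaults:Mr.X   timestamp_timeout=-1
Defaults:alice  timestamp_timeout=20
root    ALL=(ALL) ALL
Mr.X    ALL=(ALL)ALL
alice   ALL=(ALL) /usr/sbin/service
"""

DEFAULTS_RE = re.compile(r"^Defaults(?::(\S+))?\s+(.*)$")
TIMEOUT_RE = re.compile(r"\btimestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")
# user ALL=(ALL) ALL, with optional runas group and NOPASSWD: tag
FULL_ROOT_RE = re.compile(
    r"^(\S+)\s+ALL\s*=\s*\(\s*ALL(?:\s*:\s*ALL)?\s*\)\s*(?:NOPASSWD:\s*)?ALL$")

def audit_sudoers(text):
    """Return (line_no, who, finding) for each risky entry in sudoers text.

    Simplified parser: no #include handling, aliases or line continuations.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        d = DEFAULTS_RE.match(line)
        if d:
            t = TIMEOUT_RE.search(d.group(2))
            # The value is in minutes; a negative value means the cached
            # credential never times out.
            if t and float(t.group(1)) < 0:
                findings.append((no, d.group(1) or "(all users)",
                                 "TIMESTAMP_NEVER_EXPIRES"))
            continue
        m = FULL_ROOT_RE.match(line)
        if m and m.group(1) != "root":
            findings.append((no, m.group(1), "FULL_ROOT"))
    return findings

if __name__ == "__main__":
    for no, who, finding in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {no}: {who}: {finding}")
```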