TB0ne |
09-25-2013 10:33 AM |
Quote:
Originally Posted by TobiSGD
(Post 5034626)
1. I don't see any reason to use the NOPASSWD option.
|
Well, that was the option I had in the example I posted. No real REASON to, and it's totally optional.
Quote:
2. The whole point of using sudo is to give a user only some privileges that usually belong to root. May you please explain why this is horribly insecure?
|
To me (and I'm fully prepared to admit I may be paranoid about such things), is that the above setup will let the user change ANYONE'S password, except root. If another user is in the sudoers file with more access, the user can now log in as THEM, get a root shell/run other commands, and have a field day. There may be other users set up as group 0 (I know...but it COULD happen), and the same applies.
I *NEVER* give sudo rights to ANYONE for ANYTHING, unless I know I can trust them on the system. It does create more work at times, but keeps me from having to undo damage and answer questions to auditors...I feel it's worth the tradeoff.
|
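The concern raised in the post above can be checked before a password-reset rule is delegated. The following is an added example, not code from the thread: it lists every account that holds its own sudoers entry, belongs to a sudo-enabled group, or has uid/gid 0, since those are the accounts a "anyone except root" rule still exposes. The account data, the sudoers lines and the function name `privileged_accounts` are constructed for illustration, and the parser assumes simple one-line sudoers entries (no aliases or includes).

```python
# Constructed sample data (not from the thread), in passwd/group/sudoers format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:0::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
erin:x:1004:1004::/home/erin:/bin/bash
"""
GROUP = """\
root:x:0:
wheel:x:10:bob
staff:x:1005:erin
"""
SUDOERS = """\
# helpdesk user may reset passwords for anyone except root
alice ALL = /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
%wheel ALL = (ALL) ALL
dave ALL = /usr/sbin/service
"""

def privileged_accounts(passwd, group, sudoers, delegate):
    """Return {user: reason} for accounts the delegate's passwd rule must exclude."""
    members, gid0 = {}, set()   # group name -> supplementary members; members of gid 0
    for line in group.splitlines():
        name, _, gid, users = line.split(":")
        members[name] = {u for u in users.split(",") if u}
        if gid == "0":
            gid0 |= members[name]
    risky = {}
    for line in passwd.splitlines():
        user, _, uid, gid = line.split(":")[:4]
        if uid == "0":
            risky[user] = "uid 0"
        elif gid == "0" or user in gid0:
            risky[user] = "group 0"
    for line in sudoers.splitlines():
        line = line.strip()
        # Simplification: skips comments and Defaults; aliases/includes not handled.
        if not line or line.startswith(("#", "Defaults")):
            continue
        who = line.split()[0]
        # %group entries expand to supplementary members only (primary gid ignored).
        names = members.get(who[1:], set()) if who.startswith("%") else {who}
        for user in names - {delegate}:
            risky.setdefault(user, f"sudoers entry for {who}")
    return risky
```

With the sample data, only `erin` is safe for `alice` to reset; excluding `root` alone leaves `bob`, `carol` and `dave` reachable.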