Easy Way to Secure Sudoers File on NFS Mount?
Alek O. Komarnitsky (N-CSC)
alek at ast.lmco.com
Wed Aug 15 15:54:52 EDT 2001
> From: Chris McConnell <chrism at support.com>
> Subject: Easy Way to Secure Sudoers File on NFS Mount?
> To: sudo-users at courtesan.com
> Is there an easy way to secure the sudoers file?
> I would like to prevent users who have sudo permissions (in the sudoers
> file) from being able to modify the sudoers file themselves.
> I have the sudoers file on an NFS mount, accessable by all my servers
> with 400 perm's. I suppose that I could set it up so that only a few
> trusted secure hosts had write perm's on this export, but is there an
> easier way to simply secure the sudoers file?
Best approach IMHO is to export from the server read-only and/or
don't set root=UNTRUSTEDHOSTS in the exports/dfstab file ...
This really isn't a sudo question but more a generic file permission question.
More information about the sudo-users