Easy Way to Secure Sudoers File on NFS Mount?

Alek O. Komarnitsky (N-CSC) alek at ast.lmco.com
Wed Aug 15 15:54:52 EDT 2001

> From: Chris McConnell <chrism at support.com>
> Subject: Easy Way to Secure Sudoers File on NFS Mount?
> To: sudo-users at courtesan.com
> Hello.
> Is there an easy way to secure the sudoers file?
> I would like to prevent users who have sudo permissions (in the sudoers
> file)  from being able to modify the sudoers file themselves.
> I have the sudoers file on an NFS mount, accessable by all my servers
> with 400 perm's.  I suppose that I could set it up so that only a few
> trusted secure hosts had write perm's on this export, but is there an
> easier way to simply secure the sudoers file?
> Thanks!

Best approach IMHO is to export from the server read-only and/or
don't set root=UNTRUSTEDHOSTS in the exports/dfstab file ...

This really isn't a sudo question but more a generic file permission question.

More information about the sudo-users mailing list