mlh at zip.com.au
Tue Mar 26 17:50:42 EST 2002
Ben Falls wrote:
> We have implemented sudo in our environment. However our security
> department has concerns about allowing the root account to use sudo. Is
> this a valid security concern? Has anyone else set up sudo this way? We
> are a large financial organization, so security is a very big thing
> here. Any comments would be appreciated.
One risk is that if the sudoers file has a bug/misconfiguration, and
allows non-root to run root's sudo commands, then might allow them
to chain commands somehow and run more than they should. I think
this is covered in the sudo docs.
I have a hard time imagining such a case though.
The benefit of allowing root to run sudo commands is that
you can test easily.
More information about the sudo-users