Restricting root

Matthew Hannigan mlh at
Tue Mar 26 17:50:42 EST 2002

Ben Falls wrote:
> Hi,
> We have implemented sudo in our environment. However our security 
> department has concerns about allowing the root account to use sudo. Is 
> this a valid security concern? Has anyone else set up sudo this way? We 
> are a large financial organization, so security is a very big thing 
> here. Any comments would be appreciated.

One risk is that if the sudoers file has a bug/misconfiguration, and
allows non-root to run root's sudo commands, then might allow them
to chain commands somehow and run more than they should.  I think
this is covered in the sudo docs.

I have a hard time imagining such a case though.

The benefit of allowing root to run sudo commands is that
you can test easily.


More information about the sudo-users mailing list