[sudo-users] How to prevent editing sudoers-file

Matthew Hannigan mlh at zip.com.au
Sun Nov 26 20:47:46 EST 2006

On Mon, Nov 27, 2006 at 02:31:30AM +0100, Huibert.Kivits at mail.ing.nl wrote:
> If you store all sudo authorizations in LDAP, you can be certain the
> user has no ability to change his sudo authorizations.

All you need to do is turn sudo auth by ldap, which can be done
by root.

Really this is a dead-end; leave it.

(I'm surprised no-one has mentioned sudoshell yet -- or have they?)


More information about the sudo-users mailing list