[sudo-users] How to prevent editing sudoers-file
Matthew Hannigan
mlh at zip.com.au
Sun Nov 26 20:47:46 EST 2006
On Mon, Nov 27, 2006 at 02:31:30AM +0100, Huibert.Kivits at mail.ing.nl wrote:
> If you store all sudo authorizations in LDAP, you can be certain the
> user has no ability to change his sudo authorizations.
All you need to do is turn sudo auth by ldap, which can be done
by root.
Really this is a dead-end; leave it.
(I'm surprised no-one has mentioned sudoshell yet -- or have they?)
Matt
More information about the sudo-users
mailing list