[sudo-users] sudo remove -s and -i option

David Ledger david.ledger at ivdcs.co.uk
Tue Aug 22 11:18:53 MDT 2017

On 22 Aug 2017, at 11:35, Goodman Leung wrote:

> yes , i agree with you ,
> only allow explicit commands is more effective , but we it is not easy 
> to a running business system .
> 在 2017/8/22 15:28, Paul Cantle 写道:

As a contact Unix SysAdmin since 1990 I’ve seen many ‘security’ 
scenarios, and the root (:-)) of your problem isn’t sudo, but most 
likely the security policy. Usually when it’s a battle between 
security and getting things done it means that the security policy is 
badly thought out. What you need are people who know what they are doing 
who are totally trustworthy and very careful how they do things. 
Externally produced security policies are the worst. Your company pays 
them money, they give you a policy; but it’s then not their problem 
that things can’t get done. Where it appears to work there’s usually 
a hidden back door somewhere.


More information about the sudo-users mailing list