[sudo-users] sudo remove -s and -i option
david.ledger at ivdcs.co.uk
Tue Aug 22 11:18:53 MDT 2017
On 22 Aug 2017, at 11:35, Goodman Leung wrote:
> yes , i agree with you ,
> only allow explicit commands is more effective , but we it is not easy
> to a running business system .
> 在 2017/8/22 15:28, Paul Cantle 写道:
As a contact Unix SysAdmin since 1990 I’ve seen many ‘security’
scenarios, and the root (:-)) of your problem isn’t sudo, but most
likely the security policy. Usually when it’s a battle between
security and getting things done it means that the security policy is
badly thought out. What you need are people who know what they are doing
who are totally trustworthy and very careful how they do things.
Externally produced security policies are the worst. Your company pays
them money, they give you a policy; but it’s then not their problem
that things can’t get done. Where it appears to work there’s usually
a hidden back door somewhere.
More information about the sudo-users