-
I am using a Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding?
- If yes, then is it a security hole? Since users other than root could run with root privilege?
thanks in advance,
George
Best Answer
It is not a security hole, at least no more than
suis.sudois just of way for an administrator for having a quick root access without using a root shell (which can be dangerous).sudojust requires the user to enter his own password and will indeed give him root access (try$ sudo whoami). However, not everyone should be in the/etc/sudoersfile.If you take a look at
sudomanpage, you'll find how to limitsudoto some simple commands.You can for instance, only allow the user
bobto execute$ sudo poweroffwithout allowing him to do$ sudo cat /etc/shadow.So no, it's not a security hole if you configure and use it correctly. If you don't want your users to have a root shell, think of forbidding commands like
$ sudo su.