Hi Tom
En 25 de febrero de 2020 18:39:51 tom
<tom@???> escribió:

> On Mon, 24 Feb 2020 14:33:25 +0100
> Tito via Dng <dng@???> wrote:
>
>> and only for known "safe" commands. For everything else, it'd be much
>> better to just log in on a tty as root. Same goes for su.
>>
>>
>> for sudo only if set
>>
>>

>> user    ALL=(ALL:ALL) ALL

>>
>>
>> or if the user is added to the sudo group
>>
>>
>> # Allow members of group sudo to execute any command
>> %sudo ALL=(ALL:ALL) ALL
>>
>>
>> if used for single commands it should not be a problem
>> unless you allow to open a root xterm....
>> To replace su or sudo binary you need root so at this point
>> the system is already compromised.
>> The use with no password solves one problem but creates others
>> like everybody being able to wreck the system with synaptic
>> or gparted as soon as they find an unattended desktop.
>> Don't want my mom to use synaptic......just mail and browser.
> just so you know, it's more traditional and portable to allow the wheel
> group to sudo, not have a separate sudo group.
> https://en.wikipedia.org/wiki/Wheel_%28computing%29
> %wheel ALL=(ALL:ALL) ALL

Wheel seems to be analogous to sudo, but focused to other diferent unix
systems (like, for example, BSD). Am I wrong?

Aitor.



Enviado con AquaMail para Android
https://www.mobisystems.com/aqua-mail