On 12/5/05, Rony Bill ronbillypop@yahoo.co.uk wrote:
My only query is that if root access is not allowed for security, still anyone can simply sudo and gain access. How is the system protected from outside. If anyone can hack into the user account, can he then sudo and play ball? How secure is this sudo?
A question.
Say someone cracks into my system by using a user's password. So now obviously, the cracker has the password that will be asked when he executes sudo something as that user. Doesn't he have full access to the system?
Mrugesh
An extension to my own question.
Say I have a single user Ubuntu system. Now it seems that I'll be able to do anything with sudo, without having to su (That's the point of sudo, isn't it? Not requiring the root password..). So how much does the concept of group membership and ACLs apply here?
For example, will I be able to run a game if I'm not in the games group? Or will I be able to use the sound device if I'm not in the audio group? Will I be able to manipulate a file or directory via sudo, even if the ACLs (minimal and/or extended) don't allow me to?
As you can see, I'm confused as to how sudo would apply to the entire system, rather than just one or two commands that I would specify in the sudoers file. I asked Sanket for his /etc/sudoers file once, when he was on Ubuntu 5.04 I think. It was empty. So am I to understand that this sudo thing is hardcoded into the Ubuntu system?
Mrugesh