On 10/26/22 12:22 PM, Neil Bothwick wrote:
> You need to be root to write to /etc/sudoers.d. If someone has that
> access, you are already doomed!
And what happens if someone uses the existing root-via-sudo access to
break sudo?
You lose root-via-sudo access.
Someone could become root, via sudo, edit the sudoers file without using
visudo, introduce a syntax problem, thereby breaking sudo (fail secure).
You could easily do this to yourself if you don't follow best practices.
--
Grant. . . .
unix || die
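
Added example (not part of the message above, and not code from sudo itself): one way to install a drop-in so that a syntax error never reaches /etc/sudoers.d, by checking a temporary copy with `visudo -c -f` before renaming it into place. The function name and the `SUDOERS_DIR` and `VISUDO` override variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Install a sudoers drop-in only after it passes a syntax check.
# SUDOERS_DIR and VISUDO are hypothetical overrides (not sudo settings) so the
# function can be exercised without root; the defaults are the real paths.

install_sudoers_dropin() {
    src=$1      # candidate file written with any editor
    name=$2     # final file name inside the drop-in directory
    dir=${SUDOERS_DIR:-/etc/sudoers.d}
    visudo=${VISUDO:-visudo}

    # sudo skips drop-in names that contain '.' or end in '~', so such a
    # file would be silently ignored; refuse those names up front.
    case $name in
        ''|*.*|*~|*/*) echo "refusing file name: $name" >&2; return 2 ;;
    esac

    # The temporary name contains a '.', so sudo ignores it while it sits
    # in the directory. Same filesystem, so the final mv is an atomic rename.
    tmp=$(mktemp "$dir/.tmp-sudoers-XXXXXX") || return 1
    if ! cat "$src" > "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # visudo -c -f parses the file and exits non-zero on a syntax error.
    if ! "$visudo" -c -f "$tmp" >&2; then
        echo "syntax check failed; $dir/$name left untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    mv -f "$tmp" "$dir/$name"
}

# Usage (as root): install_sudoers_dropin ./candidate 10-alice
```

Keeping a root shell open in another terminal until `sudo -l` has been confirmed to work covers the case where the file parses but does not say what was intended.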