Hacker News new | ask | show | jobs
by moistbar 1972 days ago
sudo doesn't have to grant full root access to everyone in the group. It can be set up such that certain users only have the ability to run specified commands as root, which is handy for orgs where you might have a group of tier 1 techs that you want to be able to run certain scripts (written by tier 2 or 3, of course) that require root, but you don't trust the engineers enough to have root access to everything.
1 comments
65a 1971 days ago
It is almost always the case that a sufficiently malicious user can find a way to turn that into full blown root access.
link
moistbar 1968 days ago
So that means they should get full blown root from the beginning?
link
Spivak 1959 days ago
IMHO yes because then you treat the access with the gravity that is required.
link