sudo -s - Digit Technology Discussion Forum

30-06-2006, 08:43 PM	#1 (permalink)
ravix Right Off the Assembly Line Join Date: Apr 2006 Posts: 4	sudo -s any body can gain access to root by cmd "sudo -s" howto prevent this

	Advertisements. Register and be a member of the community to get rid of them.
Advertisement

30-06-2006, 08:58 PM	#2 (permalink)
JGuru Wise Old Owl Join Date: Dec 2005 Location: Space-time continuum Posts: 1,646	Re: sudo -s That's a good question!! Either you delete the sudo executable, or move it to some other place or rename it to a different name!! A good solution is move the executa -ble 'sudo to your '/home/' and don't give the other users read-access or any other access. 'Sudo' is located in the '/usr/bin' folder.

30-06-2006, 09:05 PM

#3 (permalink)

praka123

left this forum longback

Join Date: Sep 2005

Location: -

Posts: 7,536

Re: sudo -s

http://www.sudo.ws/pipermail/sudo-us...ay/001538.html

Quote:

In message <OF5E57D999.156B24E2-ON86256D24.00575E49-86256D24.005773A6 at cis.cat.c
om>
so spake "Nicholas C. Aganan" (Aganan_Nicholas_C):

> How will I disable sudo -s? I don't want this functionality to be given to
> my users.

"sudo -s" is just a shortcut for "sudo $SHELL". If your sudoers
file doesn't allow users t orun shells, they won't be able to do
"sudo -s" either.

- todd

Also refer:
http://forums.macnn.com/archive/index.php/t-18166.html

__________________
left this forum long back.Admin Can Delete this Account and posts Permanantly.Thank You
Get GNU/Linux - http://getgnulinux.org

Last edited by praka123; 30-06-2006 at 09:08 PM.

30-06-2006, 09:10 PM	#4 (permalink)
mehulved 18 Till I Die............ Join Date: Jul 2004 Location: India, Mumbai, Marine Lines Posts: 5,792	Re: sudo -s Just make it non-executable for other users except you. Code: sudo chmod o-x /usr/bin/sudo But if your account is compromised then well this trick won't help and neither will JGuru's.

01-07-2006, 12:41 AM	#5 (permalink)
JGuru Wise Old Owl Join Date: Dec 2005 Location: Space-time continuum Posts: 1,646	Re: sudo -s If you want the best unbreakable protection you must include Biometrics. Including a retina scan & a thumb print scanner. There are some Biometrics software available in Linux. The researchers say that even finger-print can be spoofed by using gelatin or other similar substances!! So the new Biometrics software looks for Sweat!! Read more about it here: http://news.zdnet.com/2100-1009_22-6003440.html Last edited by JGuru; 01-07-2006 at 12:46 AM.

01-07-2006, 06:52 PM

#6 (permalink)

chesss

mera kutch nahi ho sakta

Join Date: Oct 2005

Location: Delhi

Posts: 880

Re: sudo -s

Quote:

any body can gain access to root by cmd "sudo -s" howto prevent this

Wouldn't they have to know the pasword as well??

01-07-2006, 08:13 PM

#7 (permalink)

mediator

String Phreak

Join Date: Mar 2005

Location: In ur Evil Mind!

Posts: 2,457

Re: sudo -s

Quote:

Originally Posted by ravix

any body can gain access to root by cmd "sudo -s" howto prevent this

How dood?? My FC5 says "mediator is not in the sudoers file. This incident will be reported."

02-07-2006, 12:40 AM	#8 (permalink)
mehulved 18 Till I Die............ Join Date: Jul 2004 Location: India, Mumbai, Marine Lines Posts: 5,792	Re: sudo -s Well mediator just do this Code: su visudo And search for tutorials on net on how to add user/group to sudoers file. I have left the ubuntu defualt %admin ALL=(ALL) ALL. Well you can customise it to your needs.

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine