sudo and root shell

[ksas025]

is there anyway to get an interactive root shell with sudo? I want to restrict the root account to ttys = /dev/ltf0 only and allow only certain users to access a root interactive terminal remotely. Any ideas?

Thanks.

 

[RodKnowlton]

sudo su -

If you want to give more than one person root access though, you'd be better off going with wide open sudo access for them, like this:

User_Alias    ADMINS = user1, user2, user3
ADMINS   ALL = (ALL) ALL

That'll provide a log of everything that gets done, and by who.

Then make it policy that in situations where a shell is needed (e.g. to do wildcard operations in a directory the user doesn't have read permission on), they can use the command above but must exit the root shell as soon as done.

If you sit in a root shell the entire time you're on a machine, it's not a matter of if you'll foul something up by accident but when. Having to use sudo is like having to press those two buttons at arm's width to operate a hydraulic press. It protects you from your potentially distracted self.

- Rod


IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+

A Simple Code for Posting on the Web

 

[ksas025]

Well that was easy. Thanks Rod.