Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: Chris Rupnik <email@example.com>
From: Gavan Fantom <firstname.lastname@example.org>
Date: 08/24/2001 13:10:42
On Mon, 20 Aug 2001, Chris Rupnik wrote:
> I have an open challenge for anyone at the office. Find me something that
> sudo cannot do, and I will give you 5$.
> So far, no one has collected any money from me.
sudo cannot provide a trusted audit trail if it is used to give users a
high level of root access. If somebody has permissions to edit the
logfiles (and you can get a shell from practically any non-trivial
program) then they're free to remove or alter all traces of their
Not saying that sudo isn't useful, because it is. I'm just objecting to
your statement that it can do anything.
Gillette - the best a man can forget