Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Dec 2012 15:44:10 -0800
From:      Kurt Buff <kurt.buff@gmail.com>
To:        Tim Daneliuk <tundra@tundraware.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Somewhat OT: Is Full Command Logging Possible?
Message-ID:  <CADy1Ce5CCA4ExOok4DndA4C-MazbegZY1OKztCNqUZHGzLJgTA@mail.gmail.com>
In-Reply-To: <50BFD674.8000305@tundraware.com>
References:  <50BFD674.8000305@tundraware.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 5, 2012 at 3:19 PM, Tim Daneliuk <tundra@tundraware.com> wrote:
> I am working with an institution that today provides limited privilege
> escalation
> on their servers via very specific sudo rules.  The problem is that the
> administrators can do 'sudo su -'.
<snip>


sudo is misconfigured.

man 5 sudoers and man 8 visudo



Kurt



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADy1Ce5CCA4ExOok4DndA4C-MazbegZY1OKztCNqUZHGzLJgTA>