> On Aug 16, 2019, at 6:21 AM, Warren Young <war...@etr-usa.com> wrote: > > On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdo...@gmail.com> wrote: >> >> Based on above cases, is it OK to give group of random users full >> administrator privileges using sudo, by adding them to sudoers with ALL >> privileges? Should sudoers call customer service number instead of sysadmin >> when something breaks? > > sudo is a tool for expressing and enforcing a site’s policies regarding > superuser privilege. > > If your sudo configuration expresses and enforces those policies the way you > want it to, then the configuration is correct. If it does not, then fix it.
Incidentally, sudo stands for substitute user do. Meaning: executing something as a different user. I keep repeading it to proficient Linux users who sometimes need my help too, amazingly they all percieve it as a super user do, not as a substitute user do. Even though “man sudo” says in the first line: - execute a command as another user… Just mentioning. Valeri > sudo doesn’t tell you what your policies should be. > > We can suggest policies to you, but not based only on the information you’ve > just given us. To properly advise you, we’d need to know your threat models, > the risk assessments, and more. In short, we’d have to become your system > administrators. > _______________________________________________ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos