2 Replies Latest reply: Aug 27, 2012 2:50 PM by Catch-22 RSS

    is there any way to remove "sudo" from the server?

      sudo can do a lot of things which root can do. I tried the following to remove, but got failed message. Is there any graceful way?

      Or, maybe I don't have to remove it, by default, nobody can use sudo to run root only commands, unless I give them priviledge to do so by using "visudo", right?

      Please advice, Thanks!

      Edited by: 943714 on Aug 27, 2012 11:59 AM
        • 1. Re: is there any way to remove "sudo" from the server?
          I just did a quick peek into the man page for sudo.
          (I did a Google search on "linux man sudo" and read the first result.)

          In there, I saw:
          +"If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default ( NOTE: in the default configuration this is the user's password, not the root password).+"

          I suggest you could consider modifying that default configuration to require the root password at all times, then just don't give out the password.

          There's lots more in the man page but I thought I'd grab only that small tidbit.
          • 2. Re: is there any way to remove "sudo" from the server?
            The idea of the sudo command is to give a user root access without the need to tell them the root password. When the user is not already root the sudo command will ask the user for the current user account password. This is to prevent that someone uses the sudo command in case your session gets hijacked. There is usually a default timeout. As long as you enter another sudo command within 5 minutes of the last sudo command, you won't have to enter your password.

            The visudo command is typcially used to edit the /etc/sudoers file, which defines which users or groups are allowed to use the sudo command and to which commands or group of commands it applies. For instance if you make an entry in the /etc/sudoers file to allow a certain user to use all commands, then the user can enter "sudo su -" to become root without having to know the root password.

            Edited by: Dude on Aug 27, 2012 12:47 PM