From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7830E158020 for ; Wed, 26 Oct 2022 20:08:29 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B77E4E09EC; Wed, 26 Oct 2022 20:08:25 +0000 (UTC) Received: from mail.digimed.co.uk (mail.digimed.co.uk [82.69.83.178]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4A04DE09A1 for ; Wed, 26 Oct 2022 20:08:25 +0000 (UTC) Received: from digimed.co.uk (shooty.digimed.co.uk [192.168.1.4]) by mail.digimed.co.uk (Postfix) with ESMTPS id 2B23A9649D for ; Wed, 26 Oct 2022 21:08:24 +0100 (BST) Date: Wed, 26 Oct 2022 21:08:23 +0100 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Update to /etc/sudoers disables wheel users!!! Message-ID: <20221026210823.70f96fcc@digimed.co.uk> In-Reply-To: <44b8fdd1-a618-ad1c-3b9b-e256ad555440@spamtrap.tnetconsulting.net> References: <20221026192203.4721a707@digimed.co.uk> <44b8fdd1-a618-ad1c-3b9b-e256ad555440@spamtrap.tnetconsulting.net> Organization: Digital Media Production X-Mailer: Claws Mail 4.1.1 (GTK 3.24.34; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/bmsuxR90Wo1YpnJbNGr4fbF"; protocol="application/pgp-signature"; micalg=pgp-sha256 X-Archives-Salt: eaa47cf0-f074-41f0-a974-d44d1621164e X-Archives-Hash: 9bdadf5ba440348775cc824eb34aa1c5 --Sig_/bmsuxR90Wo1YpnJbNGr4fbF Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 26 Oct 2022 13:28:49 -0600, Grant Taylor wrote: > > You need to be root to write to /etc/sudoers.d. If someone has that > > access, you are already doomed! =20 >=20 > And what happens if someone uses the existing root-via-sudo access to=20 > break sudo? So they have root access, nothing has changed. How they get root access is irrelevant, just that they have it. --=20 Neil Bothwick A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort. --Sig_/bmsuxR90Wo1YpnJbNGr4fbF Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE8k9T/rX16EJxEKG692eFu0QSMJgFAmNZk7cACgkQ92eFu0QS MJgu8xAAiFXogzrKRbqq0lSZnNnd55SFcNzK1RrrlqCm59ZO/1IUTQ5yaIlbL5m9 TjygQwdXlU4yBBdHnzXmcxa6jbDvyFXQ6thUJMfZnT6Fm4qWyhQ+7f1ZT/AeeIqj ncDITqQlIjAppSEBpMRideQOX8Q41p/PlOWwpN+cjdFd2nIIdZzm56ptw067Cgsf VXTuTEbcpBC71sk7ikjG6ozFHBJcRVpxqUNh2wcj7SYtVRZmip10a7a92gRy7CU6 DSTAuplUm1PH2xZoalFGqa1JvkAP3IgiAjkR4MYTna+H3zwm5tWo/1Vh44T8SqXS HlW46zrRZ3Q3pdMoBxf0Aqo3nfzzW6WBKmmbyQsYPwt69t7G3VQJZEbVkQF2rbiD rbLRNERjtvhVuybvS1SAnfVlgfzgOy2VSpW1fzW7x2WxJP08IEmsWbh6v9eqcQo5 chRR0m3YifU27dx45SxIJPG+HyNqEZci4GRQf4te6/IDRQwZW9nwOSfqeSaAS2wX WDZe0nLDwYM7JnK4rhmP4ZVlNejCidzsk+eEslLLkBcmb9LerZz6rNTucKIkfu3e Yw7vzkG4is6ApgdNezeSrNF4vqj3iW1zXwhtSPP2Tqhp7Ky28iA5Lqjr7ewrn+SN 6OW3KHa9/AtHq9DoRRxDm4vfkiWqqvDwTNUgVNRlwE+MxIpUBB4= =ptBe -----END PGP SIGNATURE----- --Sig_/bmsuxR90Wo1YpnJbNGr4fbF--