Stroller wrote:
> Hi there,
>
> I'm just in the process of setting up my lovely new system :D, in the
> very first post-install steps.
>
> I install sudo, give my user wide sudo rights and then set
> "PermitRootLogin no" in /etc/ssh/sshd_config.
> (Critique of this measure welcomed).
>
> Anyway, as root I started to edit /etc/sudoers and vim complained
> "editing a read-only file".
The file /etc/sudoers should always be edited with visudo. visudo uses
file locking, provides basic sanity checks and checks for parse errors.

>
> Sure enough, /etc/sudoers has permissions 440, so I had to `chmod 640
> /etc/sudoers` before editing it & changing it back.

440 is ok.
>
> I am sure I did not have to do this last time I installed a system,
> although that would have been at least a couple of years ago.
>
> Obviously /etc/sudoers is a security-critical file and one wishes to
> prevent attackers from editing it, but surely if a file belongs to
> root there's not much point (??) in preventing root from writing to
> it, because root can always change the permissions and edit the file,
> just as I have done.
>
> I see from some Googling that sudo complains if the permissions on
> this file are greater than 4xx - can anyone explain why, please?
>
> I'm sure there is something I am not understanding, but my naive
> analysis suggests the only reason for this behaviour is to
> inconvenience administrators!
>
> Stroller.
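
Added example, not part of the original thread: a small audit script for the two points discussed above, the 440 mode on /etc/sudoers and the parse check that visudo provides. The function names are hypothetical, and GNU `stat` (the `-c` format option) is assumed.

```shell
#!/bin/sh
# Added example: audit a sudoers file without editing it.
# Function names are hypothetical; GNU stat (-c) is assumed.

# check_sudoers_perms FILE [EXPECTED_UID]
# Returns 0 if FILE has mode 440 and is owned by EXPECTED_UID
# (default 0, root), 1 on a mismatch, 2 if FILE cannot be inspected.
check_sudoers_perms() {
    file=$1
    want_uid=${2:-0}
    rc=0
    if [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2
        return 2
    fi
    mode=$(stat -c '%a' "$file") || return 2
    uid=$(stat -c '%u' "$file") || return 2
    if [ "$mode" != "440" ]; then
        echo "$file: mode is $mode, expected 440" >&2
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owner uid is $uid, expected $want_uid" >&2
        rc=1
    fi
    return "$rc"
}

# check_sudoers_syntax FILE
# Runs visudo in check-only mode (-c) against FILE (-f); the file is
# parsed but never modified. Returns 3 if visudo is not installed.
check_sudoers_syntax() {
    if ! command -v visudo >/dev/null 2>&1; then
        echo "visudo not found" >&2
        return 3
    fi
    visudo -c -q -f "$1"
}

# When called with a path, run both checks on it.
if [ "$#" -gt 0 ]; then
    check_sudoers_perms "$1" && check_sudoers_syntax "$1"
fi
```

Run it as root with the file to audit as its argument, for example `/etc/sudoers`; a non-zero exit status means one of the checks failed.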