Hi there,

I'm just in the process of setting up my lovely new system :D, in the
very first post-install steps.

I install sudo, give my user wide sudo rights and then set
"PermitRootLogin no" in /etc/ssh/sshd_config.
(Critique of this measure welcomed).

Anyway, as root I started to edit /etc/sudoers and vim complained
"editing a read-only file".

Sure enough, /etc/sudoers has permissions 440, so I had to
`chmod 640 /etc/sudoers` before editing it & changing it back.

I am sure I did not have to do this last time I installed a system,
although that would have been at least a couple of years ago.

Obviously /etc/sudoers is a security-critical file and one wishes to
prevent attackers from editing it, but surely if a file belongs to
root there's not much point (??) in preventing root from writing to
it, because root can always change the permissions and edit the file,
just as I have done.

I see from some Googling that sudo complains if the permissions on
this file are greater than 4xx - can anyone explain why, please?

I'm sure there is something I am not understanding, but my naive
analysis suggests the only reason for this behaviour is to
inconvenience administrators!

Stroller.