Gentoo Archives: gentoo-user

From: Stroller <stroller@××××××××××××××××××.uk>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Permissions of /etc/sudoers
Date: Mon, 09 Feb 2009 04:36:24
Message-Id: E47BA080-7734-404A-B9C8-A41307B778E9@stellar.eclipse.co.uk
Hi there,

I'm just in the process of setting up my lovely new system :D, in the
very first post-install steps.

I install sudo, give my user wide sudo rights and then set
"PermitRootLogin no" in /etc/ssh/sshd_config.
(Critique of this measure welcomed).

Anyway, as root I started to edit /etc/sudoers and vim complained
"editing a read-only file".

Sure enough, /etc/sudoers has permissions 440, so I had to
`chmod 640 /etc/sudoers` before editing it & changing it back.

I am sure I did not have to do this last time I installed a system,
although that would have been at least a couple of years ago.

Obviously /etc/sudoers is a security-critical file and one wishes to
prevent attackers from editing it, but surely if a file belongs to
root there's not much point (??) in preventing root from writing to
it, because root can always change the permissions and edit the file,
just as I have done.

I see from some Googling that sudo complains if the permissions on
this file are greater than 4xx - can anyone explain why, please?

I'm sure there is something I am not understanding, but my naive
analysis suggests the only reason for this behaviour is to
inconvenience administrators!

Stroller.

Replies

Subject Author
Re: [gentoo-user] Permissions of /etc/sudoers Michael Hentsch <gentoo@×××××××××××.org>
[gentoo-user] Re: Permissions of /etc/sudoers Nikos Chantziaras <realnc@×××××.de>