Security Implications of Giving Root Access to Group of Untrusted Users

[bagasme]

Hello all,

Let's say that on a production system, a sysadmin configure /etc/sudoers with following entry:

%teens ALL=(ALL:ALL) ALL

The entry above allows teens group (which is untrusted) to execute any commands with sudo. The sysadmin
assumed that teens group knows what they are doing.

Is it true that with above situation, the sysadmins effectively giving the teens group root access? Can it harm the system?

Bagas

 

[arochester]

https://www.serverlab.ca/tutorials/linux/administration-linux/adding-users-and-groups-to-sudoers/ ?

 

[bagasme]

Hmm... The link above also advocate same setup as above (my question), so let me reiterate: Can adding untrused users and groups to sudoers cause havoc on production system?

 

[SBlackLinux]

If in doubt, take them out. Easy to put them back in if su access is frequently required.

 

[bagasme]

If in doubt, take them out. Easy to put them back in if su access is frequently required.

But in my case sudoers is used in conjunction with sudo, not directly accessing root via su.

 

[JasKinasis]

If you've added an untrusted group to the sudoers file -then anybody in that group can issue any command as if they were root.

So yes - members of this group could very easily damage, or completely bork your system.

If they are untrusted - they shouldn't be granted access to sudo at all!

 

[bagasme]

If you've added an untrusted group to the sudoers file -then anybody in that group can issue any command as if they were root.

So yes - members of this group could very easily damage, or completely bork your system.

If they are untrusted - they shouldn't be granted access to sudo at all!

Thanks for explanation.