Good! You should be worrying about security. While using sudo is much more secure than not using it, the default settings may be greatly improved.
Take the time to learn a bit about sudo itself and the /etc/sudoers file. In particular, learn that in most cases you should not be using the ALL=(ALL) ALL specification! Yes, that will work, but it’s not even remotely secure. The only difference between that and just giving everyone the root password is that they don’t know the root password. They can still do everything root can do. sudo logs the commands it runs, but that’s trivial to avoid by using sudo bash.
Second, give your needs some serious thought. Just as you shouldn’t be using the ALL=(ALL) ALL specification, you probably shouldn’t be managing users one by one either. The sudoers utility allows for very granular management and we strongly recommend using it. man sudoers provides a wealth of material and examples, especially the section on preventing shell escapes.
sudoers allows for four kinds of aliases: user, runas, host, and command. Judicious use of them as roles or groups will significantly reduce the maintenance burden. For instance, you can set up a User_Alias for BUILD_USERS, then define the machines those users need to run on with Host_Alias and the commands they need to run with Cmnd_Alias. If you set a policy to only edit /etc/sudoers on one machine and copy it around to all relevant machines periodically using scp with public-key authentication, you can set up a very secure yet usable system of least privilege.
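The alias approach described above, as an added sudoers fragment that is not from the original text. BUILD_USERS comes from the text; every other alias name, user, host, path and service name is a hypothetical placeholder chosen for illustration.

```sudoers
# Added example. All users, hosts, paths and service names are hypothetical.

# Weak: equivalent to sharing the root password, and "sudo bash" leaves
# a single log entry for everything done in that shell.
#   alice  ALL=(ALL) ALL

# Roles built from the four alias types: user, host, runas, command.
User_Alias   BUILD_USERS   = alice, bob, carol
Host_Alias   BUILD_HOSTS   = build01, build02
Runas_Alias  BUILD_RUNAS   = builder

# Full paths only. "" means the command may not be given any arguments;
# the others must match the listed arguments exactly (no wildcards).
Cmnd_Alias   BUILD_CMDS    = /usr/local/sbin/build-release ""
Cmnd_Alias   BUILD_SVC     = /usr/bin/systemctl restart buildagent.service
Cmnd_Alias   BUILD_LOGVIEW = /usr/bin/less /var/log/build/agent.log

# One rule for the whole role instead of one line per user.
# NOEXEC stops a dynamically linked program such as less from spawning
# a shell (the "!" escape); it does not cover statically linked binaries.
BUILD_USERS  BUILD_HOSTS = (BUILD_RUNAS) BUILD_CMDS, \
                           (root) BUILD_SVC, \
                           (root) NOEXEC: BUILD_LOGVIEW

# Every listed program must be owned by root and not writable by anyone in
# BUILD_USERS, otherwise the restriction can be replaced from underneath.
```

Check the file with visudo -c -f on the master machine before copying it out, so a syntax error never reaches the other hosts.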
Unfortunately, sudo is not installed by default on every system. It is usually installed on Linux and OpenBSD; other systems will vary. You should consult your system documentation and install it if it’s not already there.
man sudo
man sudoers
man visudo
SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett (O’Reilly)