Bug 133358 - Defaults in /etc/sudoers insecure (repeat of 105641)
Summary: Defaults in /etc/sudoers insecure (repeat of 105641)
Status: RESOLVED WONTFIX
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Security (show other bugs)
Version: unspecified
Hardware: i586 SuSE Linux 10.0
: P5 - None : Major
Target Milestone: ---
Assignee: Marian Jancar
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-10 22:22 UTC by Sam Tingleff
Modified: 2005-11-11 08:22 UTC (History)
1 user (show)

See Also:
Found By: Integration Test
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam Tingleff 2005-11-10 22:22:49 UTC 
This is a repeat of bug 105641. I want to give another real user vote for changing the default /etc/sudoers file to not NOT use:

Defaults targetpw
%users ALL=(ALL) ALL

Defaults are important! Many users will not not know better and will assume this is the correct/only behavior of sudo. Using sudo in this way makes sudo almost completely and diverges from Debian and Red Hat.  See this thread for example:
http://www.justlinux.com/forum/showthread.php?s=91d0adf83527539f71227567b178d9be&threadid=138057
Comment 1 Ludwig Nussel 2005-11-11 08:22:39 UTC 
The typical default sudo configuration means you can't use sudo out of the box. With those two lines you can. If you want your sudo to behave differently change the config file. That's the purpose of a config file.