Locking down sudo
We've been using the sudo
command throughout the book. In fact, we took a deeper look at it in Chapter 2, Managing Users and Permissions. Therefore, I won't go into too much detail regarding sudo
here, but some things bear repeating as sudo
has a direct impact on security.
First and foremost, access to sudo
should be locked down as much as possible. A user with full sudo
access is a threat, plain and simple. All it would take is for someone with full sudo
access to make a single mistake with the rm
command to cause you to lose data or render your entire server useless. After all, a user with full sudo
access can do anything root
can do (which is everything).
By default, the user you've created during installation will be made a member of the sudo
group. Members of this group have full access to the sudo
command. Therefore, you shouldn't make any users a member of this group unless you absolutely have to. In Chapter 2, Managing Users and...