[CentOS] Giving full administrator privileges through sudo on production systems

Fri Aug 16 11:21:10 UTC 2019
Warren Young <warren at etr-usa.com>

On Aug 15, 2019, at 11:04 PM, Bagas Sanjaya <bagasdotme at gmail.com> wrote:
> 
> Based on above cases, is it OK to give group of random users full administrator privileges using sudo, by adding them to sudoers with ALL privileges? Should sudoers call customer service number instead of sysadmin when something breaks?

sudo is a tool for expressing and enforcing a site’s policies regarding superuser privilege.

If your sudo configuration expresses and enforces those policies the way you want it to, then the configuration is correct.  If it does not, then fix it.

sudo doesn’t tell you what your policies should be.

We can suggest policies to you, but not based only on the information you’ve just given us.  To properly advise you, we’d need to know your threat models, the risk assessments, and more.  In short, we’d have to become your system administrators.