[CentOS] Giving full administrator privileges through sudo on production systems

Thu Aug 29 17:47:08 UTC 2019
Gianluca Cecchi <gianluca.cecchi at gmail.com>

On Thu, Aug 29, 2019 at 6:05 PM Valeri Galtsev <galtsev at kicp.uchicago.edu>
wrote:

>
>
> On 2019-08-29 10:53, Jonathan Billings wrote:
> > On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev wrote:
> >> root at point:/home/valeri # cd
> >> root at point:~ # whoami
> >> root
> >> root at point:~ # rm -rf /
> >> rm: "/" may not be removed
> >>
>

Sometimes the worst commands are those done not intentionally but due to
human error or underestimation: I remember one time on 1994 I executed
deltree  from c:\ on a Win 3.1 system and I had to reinstall the box...
perhaps a subliminal desire to install Linux...
So coming back to the initial question you can give sudo for all and the
user can be in / thinking to be in another directory and run a command like
$$$$ sudo find . -type f -exec rm -f {} \;
and the effects would not be nice at all
Or he/she can create a script that executes a change directory and then
remove/manipulate contents inside the destination directory and if he/she
doesn't test the return code of the "cd" command, and then actually the
removal actions will run from the current directory where the user is when
running the script...

Just to give two examples not to give unlimited / uncontrolled power to
anyone..

Gianluca