8
2
There is no chance of an internal attack, so I would like to give sudo privileges to users at the local computer using sudoers. I tried these lines separately:
%admin localhost=(ALL) NOPASSWD: ALL
%admin 127.0.0.1=(ALL) NOPASSWD: ALL
But sudoers does not seem recognize either localhost
or 127.0.0.1
.
Is there an alternative, and if so, how secure would it be? Could a remote attacker gain local user privileges using cron or some other method?
"Since every host has a loopback interface, every host matches your rule." Are you sure that's correct? Neither
localhost
nor127.0.0.1
seem to match the local computer. – Zaz – 2010-07-29T20:56:07.8471@Josh: that's the documented behavior. In fact sudo skips the loopback interface when checking whether the host is in the list. I've updated my answer to reflect this. Either way, specifying
localhost
in the host list is not useful. – Gilles 'SO- stop being evil' – 2010-07-29T21:25:35.853Every host would match your rule, if the sudo system allowed it. – bukzor – 2013-04-02T17:12:01.857