On Wed, 26 Oct 2022 20:04:10 +0200, Ramon Fischer wrote: > Also a very interesting question! > > I just tested this with "visudo" and it does not intercept this. > > If "su" is disabled, you are locked out and you are forced to enter > your system via a live USB stick and a "chroot" in order to edit > "/etc/shadow" to set a root password via "mkpasswd" and enable "su". > Nice. :D
You need to be root to write to /etc/sudoers.d. If someone has that access, you are already doomed! > > -Ramon > > On 26/10/2022 18:52, Grant Taylor wrote: > > What if someone were to put the following into > > /etc/sudoers.d/zzzzzzzzzz > > > > ALL ALL=(ALL) !ALL > > > > }:-) -- Neil Bothwick I thought I saw the light at the end of the tunnel... but it was just some sod with a torch bringing me more work!
pgpkft0Ndewt6.pgp
Description: OpenPGP digital signature