AIX

  • 1.  can application id (non-root / non-system id) modify sudo file

    Posted Tue February 03, 2009 06:46 AM

    Originally posted by: apple08


    Dear AIX gurus,
    Can application id vi sudo file? Would appreciate your current practice and best practice.
    1. ls -la |grep sudo
    -r--r----- 1 root system 3107 Feb 03 13:13 sudoers
    hope to hear from you.


  • 2.  Re: can application id (non-root / non-system id) modify sudo file

    Posted Tue February 03, 2009 10:18 AM

    Originally posted by: orphy


    The point of using sudo is to grant a non-root user root or root-equivalent access to certain commands. If you let a non-root user visudo, you basically grant that non-root user "root" access.

    Now, if you really trust that non-root user, you can of course simply grant that ID sudo access to visudo and you are all set. Remember, if one can visudo (i.e. modify sudoers), there is nothing that can stop that user from adding him/herself ksh there.
    Orphy


  • 3.  Re: can application id (non-root / non-system id) modify sudo file

    Posted Tue February 03, 2009 10:22 PM

    Originally posted by: apple08


    Dear sir,
    How to change the sudoers file permission? When I change the group, still the user can't edit sudoers, and when I try to run sudo, it says this error. Would really appreciate your advice.
    $ sudo
    sudo: /etc/sudoers is mode 0444, should be 0440


  • 4.  Re: can application id (non-root / non-system id) modify sudo file

    Posted Wed February 04, 2009 02:32 PM

    Originally posted by: orphy


    You should really understand the security impact before doing this. Do you?

    Technically, to make that work, all you need is to grant that user "sudo visudo" and you should be all set. If you don't know how to do that, read the man for sudoers. You shouldn't change the permissions of /etc/sudoers and you shouldn't let the user (or yourself) "vi" /etc/sudoers directly. Just remember, by giving away "sudo visudo", you are essentially giving away root access so proceed at your own risk!
    Orphy
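
An audit sketch for the two points raised in this thread, added here as an example and not posted by anyone in the thread: it checks that a sudoers file still has the `-r--r-----` (0440) mode sudo insists on, and lists non-root rules that amount to root access (visudo, an editor or shell, or a trailing `ALL`). The function name `audit_sudoers` and the pattern list are assumptions; the match is a line-by-line heuristic that does not follow `\` continuations or included files.

```shell
#!/bin/sh
# Added example, not from the thread. audit_sudoers is a hypothetical helper.
# Usage (as root): audit_sudoers            # audits /etc/sudoers
#                  audit_sudoers /some/copy # audits a copy of the file
# Prints one finding per line; returns 0 when clean, 1 when anything is found.

audit_sudoers() {
    file=${1:-/etc/sudoers}
    findings=0

    # Take the permission string from ls, as in the listing in the first post.
    # Only the first 10 characters are used so a trailing ACL marker is ignored.
    perms=$(ls -ld "$file" | awk '{ print substr($1, 1, 10) }')
    if [ "$perms" != "-r--r-----" ]; then
        echo "MODE: $file is $perms, expected -r--r----- (0440)"
        findings=1
    fi

    # Heuristic rule scan: skip comments, blank lines, Defaults and root's own
    # entry, then report grants that are equivalent to handing out root.
    hits=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*Defaults/ { next }
        $1 == "root" { next }
        /visudo/ ||
        /\/(vi|vim|ksh|sh|bash)([ \t,]|$)/ ||
        /=(.*[ \t,:)])?ALL[ \t]*$/ {
            printf "RULE: line %d is root-equivalent: %s\n", NR, $0
        }' "$file")
    if [ -n "$hits" ]; then
        echo "$hits"
        findings=1
    fi

    return $findings
}
```

Run it against a copy first; a `MODE` finding corresponds to the `sudo: /etc/sudoers is mode 0444, should be 0440` error quoted in the third post.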