How many times have we seen an attacker gain a foothold, then immediately escalate privileges because everyone has sudo access? It’s not a theoretical threat; it’s a daily reality for incident responders.
Giving every developer or even every admin blanket sudo privileges is asking for trouble. It’s a massive blast radius waiting to happen. If their account is compromised, the game is over.
Your default posture must be least privilege. Limit sudo access to a very small, dedicated group of administrators. Even then, they should be using it sparingly and only when absolutely necessary. Audit your sudoers file regularly.
To see who has ALL privileges right now:
grep -r 'ALL' /etc/sudoers /etc/sudoers.d/
To edit your sudoers file safely:
sudo visudo
If you’re not explicitly restricting and auditing sudo, you’re leaving a gaping hole. This is basic hygiene, but it’s often overlooked in complex environments.
The fix
# List current sudo users
grep -r 'ALL' /etc/sudoers /etc/sudoers.d/
# Restrict to admin group only
sudo visudo
# Ensure: %admin ALL=(ALL:ALL) ALL
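To make the audit step above repeatable, here is an added example script; it is not from the original post and not a CIS tool. It parses the command field of each sudoers grant instead of grepping for the string ALL, because a bare grep also matches the host field of every ordinary rule (for example "alice ALL=(root) /usr/bin/systemctl ..."). The function names, the approved principal list "root %admin" and the sample sudoers tree are all assumptions made for the example; the sample tree is constructed in a temp dir so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post: audit a sudoers tree for
# principals granted the full "ALL" command set and report those outside an
# approved list of admin principals. A plain "grep ALL" also matches the
# host field ("alice ALL=(root) /usr/bin/systemctl ..."), so this parses
# the command field instead. The sample tree below is constructed so the
# script runs offline; on a real host run, as root:
#   unapproved_all_grants /etc/sudoers /etc/sudoers.d "root %admin"

# Print one "<principal><TAB><grant line>" pair for every user or group
# whose command list is ALL, across the main file and every drop-in file.
# Heuristic, not a full sudoers parser: comments, Defaults and alias
# definitions are skipped and aliases are NOT expanded, so a Cmnd_Alias
# that resolves to ALL is not caught here; confirm a single account with
# "sudo -l -U <user>" and check syntax with "visudo -c".
all_grants() {
    cat "$1" "$2"/* 2>/dev/null | awk '
        { sub(/#.*$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^$/ { next }
        /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
        {
            line = $0
            eq = index(line, "=")              # "<users> <hosts>=<runas> <tags> <cmds>"
            if (eq == 0) next
            lhs = substr(line, 1, eq - 1)
            rhs = substr(line, eq + 1)
            sub(/[ \t]+[^ \t]+$/, "", lhs)     # drop the host list, keep the user list
            gsub(/[ \t]/, "", lhs)
            sub(/^[ \t]*\([^)]*\)/, "", rhs)   # drop "(runas_user:runas_group)"
            while (sub(/^[ \t]*[A-Z_]+:[ \t]*/, "", rhs)) { }   # drop NOPASSWD:, SETENV:, ...
            sub(/^[ \t]+/, "", rhs); sub(/[ \t]+$/, "", rhs)
            if (rhs == "ALL" || rhs ~ /^ALL[ \t]*,/) {
                n = split(lhs, users, ",")
                for (i = 1; i <= n; i++) print users[i] "\t" line
            }
        }'
}

# Print, one per line, every principal with an ALL grant that is not in the
# space-separated approved list (for example "root %admin").
unapproved_all_grants() {
    all_grants "$1" "$2" | awk -F'\t' -v approved="$3" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print $1 }'
}

# Succeed (exit 0) only if the given group, e.g. %admin, has an explicit
# ALL grant; use it to confirm the "%admin ALL=(ALL:ALL) ALL" line exists.
group_has_all_grant() {
    all_grants "$1" "$2" | awk -F'\t' -v g="$3" '$1 == g { found = 1 } END { exit !found }'
}

# Build a constructed sample tree (NOT a real host's configuration) and print
# its directory: <dir>/sudoers is the main file, <dir>/sudoers.d the drop-ins.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir "$dir/sudoers.d"
    cat > "$dir/sudoers" <<'EOF'
# constructed sample sudoers
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL:ALL) ALL
alice   ALL=(root) /usr/bin/systemctl restart nginx
bob, carol ALL=(ALL) NOPASSWD: ALL
#includedir /etc/sudoers.d
EOF
    cat > "$dir/sudoers.d/10-ops" <<'EOF'
%ops ALL=(ALL) /usr/bin/apt-get update, /usr/bin/apt-get upgrade
EOF
    cat > "$dir/sudoers.d/90-deploy" <<'EOF'
deploy ALL=(ALL) NOPASSWD: ALL   # left over from a migration
EOF
    echo "$dir"
}

# Demo run against the constructed tree: prints bob, carol and deploy.
sample=$(make_sample_tree)
echo "Principals with ALL outside the approved set (root, %admin):"
unapproved_all_grants "$sample/sudoers" "$sample/sudoers.d" "root %admin"
rm -rf "$sample"
```

The output is the list to take to the owners of those accounts: each name either moves into the admin group with a justification or loses the grant. Because drop-in files are read from the directory you pass, a stray file under /etc/sudoers.d (the deploy case above) shows up alongside the main file, which is where these grants tend to hide.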
Reference: CIS Linux Benchmark 5.3