Re: VI wrapper for SUDO?
On Thu, Nov 29, 2001 at 02:45:08PM -0800, William R Ward wrote:
>
> A lazy sysadmin, not thinking through the ramifications, might put
> things like "/usr/bin/vi /etc/aliases" in the sudoers file, thinking
> that it limits access. But of course, vi has the ":e" command...
Thats only if they arn't thinking....If they were really smart they
might run :!/bin/bash...then they have root shell access to the entire
box...:-)
>
> Is there any kind of wrapper that can be used to allow sudo to grant
> editing access to only one file? I am thinking of something similar
> to vipw or visudo, but with security in mind; following this basic
> algorithm:
>
> 1. Using user privileges, Copy the desired file to a temp file owned
> by the real user.
> 2. Using user privileges, Edit the temp file.
> 3. Using root privileges, copy the temp file to the final location.
>
> Does such a beast exist? If not, I think it should. It should
> probably obey the /etc/alternatives preferences for editors, too.
>
> --Bill.
>
> --
> William R Ward bill@wards.net http://www.wards.net/~bill/
> -----------------------------------------------------------------------------
> If you're not part of the solution, you're part of the precipitate.
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: