Re: Sudo question OT-reply (severely OT)
On Fri, 2005-07-08 at 13:36 +0200, Johann Spies wrote:
> On Fri, Jul 08, 2005 at 12:58:44PM +0200, Florian Weimer wrote:
> > * Johann Spies:
> >
> > > alias specification Cmnd_Alias BACKUP =
> > > /opt/tivoli/tsm/client/ba/bin/dsm, \
> > > /opt/tivoli/tsm/client/ba/bin/dsmadmc, \
> > > /opt/tivoli/tsm/client/ba/bin/dsmc, \
> > > /opt/tivoli/tsm/client/ba/bin/dsmagent,\
> > > /opt/tivoli/tsm/client/ba/bin/dsmcad,\
> > > /opt/tivoli/tsm/client/ba/bin/dsmj,\
> > > /opt/tivoli/tsm/client/ba/bin/dsmtca
> > >
> > > # User privilege specification
> > > RUGSTEUN ALL= (root) BACKUP
> > > ============================
> >
> > IIRC, the TSM command line clients suffer from several buffer
> > overflows, so this is roughly equivalent to giving away full root
> > access.
>
> In theory, yes. At least the person who is able to do this is a
> fellow administrator in my department.
>
> What alternatives are there?
Kill him and replace him with a small shell script. ;-)
/Daniel
--
File not found. Should I fake it (y/n)?
Reply to: