Re: Doing administrative work

To: debian-user@lists.debian.org
Subject: Re: Doing administrative work
From: Dave Sherohman <esper@sherohman.org>
Date: Mon, 22 Jan 2007 10:52:33 -0600
Message-id: <[🔎] 20070122165233.GE6486@genma.sherohman.org>
Mail-followup-to: Dave Sherohman <esper@murphy.debian.org>, debian-user@lists.debian.org
In-reply-to: <[🔎] 1169436699.13689.13.camel@princess.gregfolkert.net>
References: <[🔎] 45B42982.4070307@dreampossible.ca> <[🔎] 1169436699.13689.13.camel@princess.gregfolkert.net>

On Sun, Jan 21, 2007 at 10:31:39PM -0500, Greg Folkert wrote:
>       * If the need arises use a method to allow "limited privileges" in
>         a granular way. I use "sudo" it allows one to give "user
>         creation" without giving the keys to the machine to the person
>         or helpdesk person.

I'm sure you're aware of this, Greg, but, for anyone who isn't that
familiar with sudo, you need to go over the commands that you give
untrusted people (e.g., the helpdesk person mentioned above) access to
very carefully to ensure that none of them can be used to spawn a shell
or execute arbitrary commands.  If they can use sudo to run, say, vi or
emacs as root (both of which can be used to run arbitrary commands,
including /bin/bash, unless passed specific command-line switches to
disable this), then you're "giving the keys to the machine" to them and
they can get full root powers as soon as they think to type (in most
cases) "!".

-- 
I would rather be exposed to the inconvenience attending too much Liberty
than those attending too small degree of it.
  - Thomas Jefferson

Reply to:

References:
- Doing administrative work
  - From: Jim Hyslop <jhyslop@dreampossible.ca>
- Re: Doing administrative work
  - From: Greg Folkert <greg@gregfolkert.net>

Prev by Date: lrc files: ASCII text?
Next by Date: [OT] Re: top post fixer?
Previous by thread: Re: Doing administrative work
Next by thread: Re: Doing administrative work
Index(es):
- Date
- Thread