Re: SUDO
On Mon, Dec 03, 2007 at 11:47:54AM -0500, Michael Pobega wrote:
> Using sudo the way Jostein suggested is just as open to problems as
> logging in as root is, and should be avoided at all costs. Sudo was made
> to save the user from hassle, for example, to play Wesnoth I need to
> have access to the SDL framebuffer, but since you need to have root
> permissions to access it I granted myself permissions just to Wesnoth.
>
> pobega ALL=NOPASSWD /usr/games/wesnoth
>
> And aliased in my shell:
>
> alias wesnoth 'sudo /usr/games/wesnoth'
>
> So when I run `wesnoth`, the framebuffer is automagically started and
> I'm granted root permissions just for this one operation.
However, then the whole game is being run with root privleges. Is it
audited for use by root; what else is that binary doing while you're
gaming? Sudo only limits what commands you can issue
from the shell; it does't limit what those commands can do. It would be
better to do one of the following:
1. Have a separate game machine that you can reload
periodically. It should have not public keys on it or
any other sensitive info. Use a non-gaming box for real
work.
2. Find an alternative to the SDL framebuffer. Perhaps
there's a permissions thing that could give members of
a 'gaming' group or something access to the SDL. Then
the game could run under that normal user.
3. Choose a different game.
Note that I have sdl installed as dependencies of vlc. However, I can
play vlc as a normal user. Perhaps its a group thing.
Are you in the video group?
Doug.
Reply to:
- Follow-Ups:
- Re: SUDO
- From: Michael Pobega <pobega@gmail.com>
- Re: SUDO
- From: Celejar <celejar@gmail.com>
- Re: SUDO
- From: Michael Pobega <pobega@gmail.com>
- References:
- SUDO
- From: Erik Jakobsen <erik_ja@mail.tele.dk>
- Re: SUDO
- From: Jostein Elvaker Haande <jehaande@gmail.com>
- Re: SUDO
- From: Dan H <dunno@stoptrick.com>
- Re: SUDO
- From: Michael Pobega <pobega@gmail.com>