Re: sudoer security problem on server

To: debian-user@lists.debian.org
Subject: Re: sudoer security problem on server
From: Nate Bargmann <n0nb@n0nb.us>
Date: Sun, 29 Mar 2009 08:03:23 -0500
Message-id: <[🔎] 20090329130323.GG13513@n0nb.us>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 128a87f00903281724n65be5152o298441ee4c64f3a0@mail.gmail.com>
References: <[🔎] 128a87f00903281724n65be5152o298441ee4c64f3a0@mail.gmail.com>

* zhang zhengquan <zhang.zhengquan@gmail.com> [2009 Mar 28 19:27 -0500]:
> I wonder if a sysadmin should keep the root privilege safe and not
> give sudo to anybody anybody else. and if there is more secure ways of
> enabling root privilege to normal users?

I'm no security or sudo expert, but it seems to me that the devs should
only have access to the commands they need.  For example if they need
to install to /usr/local/ using `make install' you can enable that
specific command.  For example I did that for myself (single user box)
so that I could run `sudo make install|uninstall' without having to
enter my password:

%USER   HOSTNAME=NOPASSWD: /usr/bin/make

I replace USER and HOSTNAME with my local values.  The sudoers man page
is quite extensive as well.

- Nate >>

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://n0nb.us/index.html

Reply to:

References:
- sudoer security problem on server
  - From: zhang zhengquan <zhang.zhengquan@gmail.com>

Prev by Date: Re: rsync mirrors of debian CD How?
Next by Date: Re: managing audiofiles
Previous by thread: Re: sudoer security problem on server
Next by thread: Apple OS X printing [solved] and zeroconf'ing problems
Index(es):
- Date
- Thread