[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudoer security problem on server

* Eduardo M KALINOWSKI <eduardo@kalinowski.com.br> [2009 Mar 29 08:43 -0500]:

> > %USER   HOSTNAME=NOPASSWD: /usr/bin/make
> >
> > I replace USER and HOSTNAME with my local values.  The sudoers man page
> > is quite extensive as well.
> >   
> This will allow them to run make as root. Not only they will be able to
> install anywhere (not only under /usr/local), but they can run any
> command by creating a Makefile that does what they want to do.
> If one wants to restrict access to a directory, file permissions (or
> ACLs) are more efficient.

Good advice.  Hey, I said I'm no expert and I was just tossing out an
idea in the broader sense based on what I do locally.

- Nate >>


"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://n0nb.us/index.html

Reply to: