Re: sudoer security problem on server
* Eduardo M KALINOWSKI <eduardo@kalinowski.com.br> [2009 Mar 29 08:43 -0500]:
> > %USER HOSTNAME=NOPASSWD: /usr/bin/make
> >
> > I replace USER and HOSTNAME with my local values. The sudoers man page
> > is quite extensive as well.
> >
>
> This will allow them to run make as root. Not only they will be able to
> install anywhere (not only under /usr/local), but they can run any
> command by creating a Makefile that does what they want to do.
>
> If one wants to restrict access to a directory, file permissions (or
> ACLs) are more efficient.
Good advice. Hey, I said I'm no expert and I was just tossing out an
idea in the broader sense based on what I do locally.
- Nate >>
--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Ham radio, Linux, bikes, and more: http://n0nb.us/index.html
Reply to: