Re: sudoer security problem on server

To: debian-user@lists.debian.org
Subject: Re: sudoer security problem on server
From: Nate Bargmann <n0nb@n0nb.us>
Date: Sun, 29 Mar 2009 09:02:47 -0500
Message-id: <[🔎] 20090329140247.GJ13513@n0nb.us>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 49CF7AA5.60805@kalinowski.com.br>
References: <[🔎] 128a87f00903281724n65be5152o298441ee4c64f3a0@mail.gmail.com> <[🔎] 20090329003909.GX15287@n0nb.us> <[🔎] 49CF7AA5.60805@kalinowski.com.br>

* Eduardo M KALINOWSKI <eduardo@kalinowski.com.br> [2009 Mar 29 08:43 -0500]:

> > %USER   HOSTNAME=NOPASSWD: /usr/bin/make
> >
> > I replace USER and HOSTNAME with my local values.  The sudoers man page
> > is quite extensive as well.
> >   
> 
> This will allow them to run make as root. Not only they will be able to
> install anywhere (not only under /usr/local), but they can run any
> command by creating a Makefile that does what they want to do.
> 
> If one wants to restrict access to a directory, file permissions (or
> ACLs) are more efficient.

Good advice.  Hey, I said I'm no expert and I was just tossing out an
idea in the broader sense based on what I do locally.

- Nate >>

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://n0nb.us/index.html

Reply to:

References:
- sudoer security problem on server
  - From: zhang zhengquan <zhang.zhengquan@gmail.com>
- Re: sudoer security problem on server
  - From: Nate Bargmann <n0nb@n0nb.us>
- Re: sudoer security problem on server
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

Prev by Date: Re: sudoer security problem on server
Next by Date: Re: sudoer security problem on server
Previous by thread: Re: sudoer security problem on server
Next by thread: Re: sudoer security problem on server
Index(es):
- Date
- Thread