[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudoer security problem on server

On Sun Mar 29, 2009 at 10:41:57 -0300, Eduardo M KALINOWSKI wrote:

> This will allow them to run make as root. Not only they will be able to
> install anywhere (not only under /usr/local), but they can run any
> command by creating a Makefile that does what they want to do.


> If one wants to restrict access to a directory, file permissions (or
> ACLs) are more efficient.

  Yes, and that is why the "staff" group exists.  See the permissions
 on /usr/local.  Bear in mind jumping from staff -> root isn't hard,
 but that is a separate issue.

Debian GNU/Linux System Administration

Reply to: