Re: sudoer security problem on server
On Sun Mar 29, 2009 at 10:41:57 -0300, Eduardo M KALINOWSKI wrote:
> This will allow them to run make as root. Not only they will be able to
> install anywhere (not only under /usr/local), but they can run any
> command by creating a Makefile that does what they want to do.
Indeed.
> If one wants to restrict access to a directory, file permissions (or
> ACLs) are more efficient.
Yes, and that is why the "staff" group exists. See the permissions
on /usr/local. Bear in mind jumping from staff -> root isn't hard,
but that is a separate issue.
Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
Reply to: