Re: Configure sudo
On Sun, May 27, 2012 at 5:54 AM, Denis Witt
<denis.witt@concepts-and-training.de> wrote:
> Hi again,
>
> I came up with this now:
>
> cat /usr/local/bin/adm.sh
Having access to chown and chmod is not secure:
cbell@circe:~$ cp /bin/dash .
cbell@circe:~$ sudo ./adm.sh chown root:root ./dash
Change ownership root:root ./dash
cbell@circe:~$ sudo ./adm.sh chmod 4755 ./dash
Change file rights 4755 ./dash
cbell@circe:~$ ./dash
# whoami
root
#
If you're going to allow chown and chmod, you may as well just give
them the root password or full sudo to every command with their own
password using /etc/sudoers:
%sudo ALL(ALL)=ALL
With them in the sudo group. Note, this is the default in Squeeze and
you can grant them this access with a single command:
# usermod -G sudo -a $username
--
Chris
Reply to: