Re: Configure sudo

To: debian <debian-user@lists.debian.org>
Subject: Re: Configure sudo
From: "Christofer C. Bell" <christofer.c.bell@gmail.com>
Date: Sun, 27 May 2012 09:49:52 -0500
Message-id: <[🔎] CAOEVnYsG1U1JRHhjNgk0o8D+_EhyqKCjFV4ME8BHY_GJC0taOg@mail.gmail.com>
In-reply-to: <[🔎] 5408AEF9-65EA-4E55-B8B7-7AECAA2AB5BC@concepts-and-training.de>
References: <[🔎] 80E5D5CC-AE42-43E8-9125-D9C790B82970@concepts-and-training.de> <[🔎] 5408AEF9-65EA-4E55-B8B7-7AECAA2AB5BC@concepts-and-training.de>

On Sun, May 27, 2012 at 5:54 AM, Denis Witt
<denis.witt@concepts-and-training.de> wrote:
> Hi again,
>
> I came up with this now:
>
> cat /usr/local/bin/adm.sh

Having access to chown and chmod is not secure:

cbell@circe:~$ cp /bin/dash .
cbell@circe:~$ sudo ./adm.sh chown root:root ./dash
Change ownership root:root ./dash
cbell@circe:~$ sudo ./adm.sh chmod 4755 ./dash
Change file rights 4755 ./dash
cbell@circe:~$ ./dash
# whoami
root
#

If you're going to allow chown and chmod, you may as well just give
them the root password or full sudo to every command with their own
password using /etc/sudoers:

%sudo ALL(ALL)=ALL

With them in the sudo group.  Note, this is the default in Squeeze and
you can grant them this access with a single command:

# usermod -G sudo -a $username

-- 
Chris

Reply to:

References:
- Configure sudo
  - From: Denis Witt <denis.witt@concepts-and-training.de>
- Re: Configure sudo
  - From: Denis Witt <denis.witt@concepts-and-training.de>

Prev by Date: Debian as a DDNS Server
Next by Date: Re: Install Squeeze with firmware
Previous by thread: Re: Configure sudo
Next by thread: how to update Debian OS properly
Index(es):
- Date
- Thread