1 |
swift 05/08/02 19:22:33 |
2 |
|
3 |
Modified: xml/htdocs/doc/en sudo-guide.xml |
4 |
Log: |
5 |
Trust your users or use a wrapper script instead of granting full access to tools that manipulate the system. Tx to ciaranm for reporting |
6 |
|
7 |
Revision Changes Path |
8 |
1.2 +12 -2 xml/htdocs/doc/en/sudo-guide.xml |
9 |
|
10 |
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo |
11 |
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo |
12 |
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo |
13 |
|
14 |
Index: sudo-guide.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v |
17 |
retrieving revision 1.1 |
18 |
retrieving revision 1.2 |
19 |
diff -u -r1.1 -r1.2 |
20 |
--- sudo-guide.xml 2 Aug 2005 17:59:29 -0000 1.1 |
21 |
+++ sudo-guide.xml 2 Aug 2005 19:22:33 -0000 1.2 |
22 |
@@ -1,6 +1,6 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
|
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 2005/08/02 17:59:29 swift Exp $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 2005/08/02 19:22:33 swift Exp $ --> |
27 |
|
28 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
29 |
|
30 |
@@ -22,7 +22,7 @@ |
31 |
<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> |
32 |
<license/> |
33 |
|
34 |
-<version>1.0</version> |
35 |
+<version>1.1</version> |
36 |
<date>2005-08-02</date> |
37 |
|
38 |
<chapter> |
39 |
@@ -126,6 +126,16 @@ |
40 |
</pre> |
41 |
|
42 |
<p> |
43 |
+A <brite>big warning</brite> is in place though: do not allow a user to run an |
44 |
+application that can allow people to elevate privileges. For instance, allowing |
45 |
+users to execute <c>emerge</c> as root can indeed grant them full root access |
46 |
+to the system because <c>emerge</c> can be manipulated to change the live file |
47 |
+system in the user his advantage. Trust your users, or use a <e>wrapper</e> |
48 |
+instead: a script that limits the use of the application to a known set of |
49 |
+safe instructions. |
50 |
+</p> |
51 |
+ |
52 |
+<p> |
53 |
The user name can also be substituted with a group name - in this case you should |
54 |
start the group name with a <c>%</c> sign. For instance, to allow any one in |
55 |
the <c>wheel</c> group to execute <c>emerge</c>: |
56 |
|
57 |
|
58 |
|
59 |
-- |
60 |
gentoo-doc-cvs@g.o mailing list |