1 |
Instead of all the "sudo su ...." stuff does this make things simpler. |
2 |
|
3 |
Add the following lines to /etc/sudoers (assuming you also have the |
4 |
emerge user) |
5 |
|
6 |
User_Alais EMERGE_ADMINS = user1, user2, user3 |
7 |
Host_Alais EMERGEABLE_HOSTS = host1, host2 |
8 |
Cmnd_Alias EMERGE = /usr/bin/emerge |
9 |
|
10 |
EMERGE_ADMINS EMERGEABLE_HOSTS = (emerge) EMERGE |
11 |
|
12 |
Are there any security problems with this? If you wanted you could add |
13 |
stuff to the Cmnd_Alias to restrict users from being able to unmerge |
14 |
packages... I think that would be like this... |
15 |
|
16 |
Cmnd_Alias EMERGE = /usr/bin/emerge, !/usr/bin/emerge *unmerge*, |
17 |
!/usr/bin/emerge *-C* |
18 |
|
19 |
~Michael |
20 |
|
21 |
Bart Alewijnse wrote: |
22 |
>>Bart Alewijnse wrote: |
23 |
>>| Errm. I was referring to the *user* 'emerge' - I wasn't aware you can |
24 |
>>| use su to execute binaries. sudo, yes, but su? 'sudo su emerge' would |
25 |
>>| cause sudo to run su with the command line parameter 'emerge' which |
26 |
>>| can only be a username - rather than hand sudo two executable names, |
27 |
>>| right? |
28 |
>>| But if you're paranoid, you could likely require the path to emerge in |
29 |
>>| sudoers, so that it'd have to be |
30 |
>>| 'sudo su /usr/bin/emerge' - or possibly just that it'd only accept |
31 |
>>| running emerge if the actual emerge binary being suggested for running |
32 |
>>| is the one in /usr/bin. Since you don't have direct accidental access |
33 |
>>| to that as either considered user, it's not a risk. |
34 |
>>| |
35 |
>>Yes, su can run commands with the -c option. So 'su root -c "rm -rf /"' |
36 |
>>would blow away your system. However, in your example you don't have |
37 |
> |
38 |
> |
39 |
> Good point, didn't know that. |
40 |
> |
41 |
> But root? What? I was suggesting only su-ing from selected users to |
42 |
> the 'emerge' user. |
43 |
> |
44 |
> The worst you could do then is probably 'sudo su emerge -c |
45 |
> /evil/emergee', which would then be executed as emerge - which I was |
46 |
> assuming to be a non-admin account, just as a syntactic command line |
47 |
> sugar inbetween step. |
48 |
> |
49 |
> The point to that was that people that would emerge would both have a |
50 |
> common account (possibly good for config files), but just to the |
51 |
> point, that that's a nice conceptual location you could run the actual |
52 |
> emerge binary from - again, through sudo, because if emerge is an |
53 |
> admin acccount, it might as well be root itself. |
54 |
> |
55 |
> |
56 |
> Actually, indeed, just adjusting sudoers to have specific people have |
57 |
> the ability to run /usr/bin/emerge would be enough, pretty much |
58 |
> period. |
59 |
> |
60 |
> |
61 |
> And if not that, according to taste and as someone just mailed me, you |
62 |
> also do what I suggest in one step, indeed with a 'sudu so -c |
63 |
> /usr/bin/emerge' with assorted |
64 |
> things-you-actually-also-need-in-reality(tm) (again, I've not used |
65 |
> sudo much at all) |
66 |
> |
67 |
> That's indeed simpler systemwise. I was just going for the |
68 |
> understandable-for-people-not-on-this-list (and possibly myself next |
69 |
> week) angle. Rather pointless, really. There are such things as |
70 |
> scripts:) |
71 |
> |
72 |
> |
73 |
> Interesing suggestion, but how exactly would you break out of chroot |
74 |
> once you're properly authenticated? I mean, there's very little point |
75 |
> to running emerge within a chrooted environment, right? You're doing |
76 |
> something cleaner, though, so do please explain. |
77 |
> |
78 |
> |
79 |
> But as I keep saying, security is entirely moot in this matter, as bad |
80 |
> intentsions are met with essential root access no matter what you do, |
81 |
> because emerge itself needs it. It's better than giving them root |
82 |
> access as accidental typo's could be entirely fatal there, but not as |
83 |
> the emerge user - unless you did something stupid with emerge, but |
84 |
> then you shouldn't be emerging in the first place. |
85 |
> |
86 |
> --Bart Alewijnse |
87 |
> |
88 |
> -- |
89 |
> gentoo-security@g.o mailing list |
90 |
> |
91 |
|
92 |
|
93 |
-- |
94 |
gentoo-security@g.o mailing list |