List Archive: gentoo-security
Headers:
To: David Olsen <do@...>, gentoo-security@g.o
From: "Bill Moritz" <ego@...>
Subject: Re: Changes to traceroute in newest release
Date: Tue, 16 Dec 2003 20:05:09 -0500
> That means I have to either give my staff sudo access to use 
> traceroute, when I want them to be able to use it to diagnose 
> network problems. And set up in this same "security mindset", sudo 
> will require a password upon execution. 

Not necessarily so.  You can have sudo not request a password by using 
NOPASSWD in the sudoers file. 

> A (imho) better solution would be to perhaps do a 4750 by default, 
> and give it to a specific group, say "staff" or the like, this way I 
> can add my staff to that particular group once, and not have to muck 
> permissions every time a new release of traceroute comes out. 

Being paranoid about my machine and giving out shell access to various users 
I restricted my traceroute/ping/nmap access.  Here is my sudoers: 

Cmnd_Alias      NMAP=/usr/bin/nmap 
Cmnd_Alias      TR=/usr/sbin/traceroute 
Cmnd_Alias      PNG=/bin/ping 
Cmnd_Alias      TRPNG=/usr/sbin/traceroute,/bin/ping 

root            ALL=(ALL) ALL 
user1           ALL=(ALL) ALL 
user2           ALL=(ALL) ALL 
user3           ALL=(ALL) ALL 
user4           ALL=NMAP,TRPNG 
user5           ALL=NMAP,TRPNG 
user6           ALL=NMAP,TRPNG 

I require my users to put in their passwords because I can't stop them from 
walking away from their terminals unattended.  If you wanted it so that they 
would not get prompted for their passwords you could put: 

user4           ALL= NOPASSWD: NMAP,TRPNG 

I personally like sudo because it makes people accountable for their 
actions. 

> $.02 + $.02 makes $.04, I should get an old top hat to collect the 
> change.. 
> 
> -d 

Does that make $.06? 

-bill 


--
gentoo-security@g.o mailing list
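
Added example, not part of the original message: a small Python audit that expands the Cmnd_Alias entries from a sudoers policy like the one above and reports, per user, which commands are granted and whether NOPASSWD or unrestricted root applies. The sample text is constructed from the message, and the parser covers only this simple rule form (an assumption, not the full sudoers grammar).

```python
import re

# Constructed sample: entries from the message above, with the NOPASSWD
# variant applied to user4 only.
SAMPLE = """\
Cmnd_Alias      NMAP=/usr/bin/nmap
Cmnd_Alias      TR=/usr/sbin/traceroute
Cmnd_Alias      PNG=/bin/ping
Cmnd_Alias      TRPNG=/usr/sbin/traceroute,/bin/ping
root            ALL=(ALL) ALL
user1           ALL=(ALL) ALL
user4           ALL= NOPASSWD: NMAP,TRPNG
user5           ALL=NMAP,TRPNG
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
# user  host = [(runas)] [NOPASSWD:] command-list
RULE_RE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(\([^)]*\))?\s*(NOPASSWD:)?\s*(.+)$")

def expand(names, aliases, seen=()):
    """Resolve Cmnd_Alias names (which may nest) to a sorted list of commands."""
    out = set()
    for name in (n.strip() for n in names.split(",")):
        if name in aliases and name not in seen:
            out.update(expand(aliases[name], aliases, seen + (name,)))
        else:
            out.add(name)
    return sorted(out)

def audit(text):
    """Return {user: {"commands", "nopasswd", "full_root"}} for simple rules.

    Simplified: one rule line per user, no line continuations, no User_Alias
    or Host_Alias, and '#' always starts a comment.
    """
    aliases, rules = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        alias, rule = ALIAS_RE.match(line), RULE_RE.match(line)
        if alias:
            aliases[alias.group(1)] = alias.group(2)
        elif rule:
            rules.append(rule.groups())
    report = {}
    for user, _host, _runas, nopasswd, cmds in rules:  # aliases now complete
        commands = expand(cmds, aliases)
        report[user] = {"commands": commands, "nopasswd": bool(nopasswd),
                        "full_root": "ALL" in commands}
    return report

if __name__ == "__main__":
    for user, info in audit(SAMPLE).items():
        print(user, info)
```

On a live system, `sudo -l -U <user>` gives the authoritative view of what a user may run, and `visudo -c` checks the file's syntax.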



Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
