| 1 |
Hello everyone, |
| 2 |
|
| 3 |
I just joined gentoo-server mailing list yesterday. I've been semi-active in |
| 4 |
Gentoo forums since 2003, though, so some of you might recognize me from |
| 5 |
there. |
| 6 |
|
| 7 |
On Friday 13 October 2006 01:06, Christian Spoo wrote: |
| 8 |
> Ricardo Loureiro schrieb: |
| 9 |
> > That works well, until the users type sudo bash like I saw many ppl |
| 10 |
> > doing... |
| 11 |
> |
| 12 |
> Then you can restrict the commands your guys are allowed to execute. |
| 13 |
> It's very easily handled in the sudoers file. |
| 14 |
> |
| 15 |
> In typical LAMP installations you could configure, separate DB admin, |
| 16 |
> WWW admin, etc. and each one is only permitted to run a few commands. |
| 17 |
|
| 18 |
sudo is all fine and dandy, but it's one of those tools which allow you to |
| 19 |
shoot yourself to foot. The ability to give users root access to only handful |
| 20 |
of commands is a blessing - then again, it's also a curse. |
| 21 |
|
| 22 |
There is a built-in shell escape functionality built-in to many commands, and |
| 23 |
if some user has sudo access to such command, it's easy to spawn a separate |
| 24 |
root shell from there. Let's say your co-admins need to edit config files and |
| 25 |
they like to do it with vim, so you give them sudo access to vim. Well... |
| 26 |
just try what happens if you run "sudo vim" and give :!bash command in vim. |
| 27 |
|
| 28 |
That leads to root bash and lost audit trail. That's why I personally do not |
| 29 |
trust just sudo. If I really need a reliable audit trail, I'll use something |
| 30 |
like grsecurity audit groups instead. |
| 31 |
|
| 32 |
Just something to think about. :-) Of course there are plenty of commands |
| 33 |
without external command support and most of the time sudo is secure enough. |
| 34 |
-- |
| 35 |
gentoo-server@g.o mailing list |
Archives