Hello everyone,

I just joined the gentoo-server mailing list yesterday. I've been semi-active in
the Gentoo forums since 2003, though, so some of you might recognize me from
there.

On Friday 13 October 2006 01:06, Christian Spoo wrote:
> Ricardo Loureiro schrieb:
> > That works well, until the users type sudo bash like I saw many ppl
> > doing...
>
> Then you can restrict the commands your guys are allowed to execute.
> It's very easily handled in the sudoers file.
>
> In typical LAMP installations you could configure, separate DB admin,
> WWW admin, etc. and each one is only permitted to run a few commands.

sudo is all fine and dandy, but it's one of those tools which allow you to
shoot yourself in the foot. The ability to give users root access to only a
handful of commands is a blessing - then again, it's also a curse.

There is a built-in shell escape functionality in many commands, and
if some user has sudo access to such a command, it's easy to spawn a separate
root shell from there. Let's say your co-admins need to edit config files and
they like to do it with vim, so you give them sudo access to vim. Well...
just try what happens if you run "sudo vim" and give the :!bash command in vim.

That leads to a root bash and a lost audit trail. That's why I personally do not
trust just sudo. If I really need a reliable audit trail, I'll use something
like grsecurity audit groups instead.

Just something to think about. :-) Of course there are plenty of commands
without external command support and most of the time sudo is secure enough.
--
gentoo-server@g.o mailing list
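
An added example, not part of the original message: a small audit that flags sudoers rules granting an escape-capable program (such as the vim case above) without the sudoers `NOEXEC` tag. The sample rules, the user and group names, and the short program list are constructed assumptions, and the parser handles only simple one-line rules.

```python
import re

# Illustrative, non-exhaustive set of programs that can start other commands
# from inside an interactive session (an assumption of this example).
ESCAPE_CAPABLE = {"vi", "vim", "view", "less", "more", "man", "ed", "emacs"}

# Constructed sample sudoers content; user and group names are hypothetical.
SAMPLE_SUDOERS = """\
# web and db admins
Cmnd_Alias EDITORS = /usr/bin/vim, /usr/bin/less
wwwadmin  ALL = (root) /usr/sbin/apache2ctl, EDITORS
dbadmin   ALL = (root) NOEXEC: /usr/bin/vim /etc/mysql/my.cnf
%cfgedit  ALL = (root) sudoedit /etc/apache2/httpd.conf
"""

def audit_sudoers(text):
    """Return (who, command) pairs that allow an escape-capable program without NOEXEC."""
    aliases, findings = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplified comment handling
        if not line:
            continue
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        if line.startswith(("Defaults", "User_Alias", "Runas_Alias", "Host_Alias")) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        who = lhs.split()[0]
        noexec = False  # a tag carries over to later commands in the same list
        for item in rhs.split(","):
            item = re.sub(r"^\s*\([^)]*\)\s*", "", item).strip()  # drop (runas)
            while (t := re.match(r"([A-Z_]+):\s*", item)):
                if t.group(1) in ("NOEXEC", "EXEC"):
                    noexec = t.group(1) == "NOEXEC"
                item = item[t.end():]
            if not item:
                continue
            for cmd in aliases.get(item, [item]):  # expand Cmnd_Alias names
                prog = cmd.split()[0].rsplit("/", 1)[-1]
                if prog in ESCAPE_CAPABLE and not noexec:
                    findings.append((who, cmd))
    return findings

if __name__ == "__main__":
    for who, cmd in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who}: {cmd} permits a shell escape (no NOEXEC)")
```

`NOEXEC` depends on dynamic linking and does not cover every program, so for plain config editing `sudoedit`, which runs the editor as the invoking user rather than as root, is the more robust choice.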