Gentoo Archives: gentoo-doc-cvs

From: Sven Vermeulen <swift@×××××××××××.org>
To: gentoo-doc-cvs@l.g.o
Subject: [gentoo-doc-cvs] cvs commit: sudo-guide.xml
Date: Tue, 02 Aug 2005 19:23:02
Message-Id: 200508021922.j72JMQIK028467@robin.gentoo.org
1 swift 05/08/02 19:22:33
2
3 Modified: xml/htdocs/doc/en sudo-guide.xml
4 Log:
5 Trust your users or use a wrapper script instead of granting full access to tools that manipulate the system. Tx to ciaranm for reporting
6
7 Revision Changes Path
8 1.2 +12 -2 xml/htdocs/doc/en/sudo-guide.xml
9
10 file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
11 plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
12 diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo
13
14 Index: sudo-guide.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
17 retrieving revision 1.1
18 retrieving revision 1.2
19 diff -u -r1.1 -r1.2
20 --- sudo-guide.xml 2 Aug 2005 17:59:29 -0000 1.1
21 +++ sudo-guide.xml 2 Aug 2005 19:22:33 -0000 1.2
22 @@ -1,6 +1,6 @@
23 <?xml version='1.0' encoding="UTF-8"?>
24
25 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 2005/08/02 17:59:29 swift Exp $ -->
26 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 2005/08/02 19:22:33 swift Exp $ -->
27
28 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
29
30 @@ -22,7 +22,7 @@
31 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
32 <license/>
33
34 -<version>1.0</version>
35 +<version>1.1</version>
36 <date>2005-08-02</date>
37
38 <chapter>
39 @@ -126,6 +126,16 @@
40 </pre>
41
42 <p>
43 +A <brite>big warning</brite> is in place though: do not allow a user to run an
44 +application that can allow people to elevate privileges. For instance, allowing
45 +users to execute <c>emerge</c> as root can indeed grant them full root access
46 +to the system because <c>emerge</c> can be manipulated to change the live file
47 +system in the user his advantage. Trust your users, or use a <e>wrapper</e>
48 +instead: a script that limits the use of the application to a known set of
49 +safe instructions.
50 +</p>
51 +
52 +<p>
53 The user name can also be substituted with a group name - in this case you should
54 start the group name with a <c>%</c> sign. For instance, to allow any one in
55 the <c>wheel</c> group to execute <c>emerge</c>:
56
57
58
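Review bot: The added warning says that letting users run <c>emerge</c> as root can grant them full root access, yet the unchanged paragraph right after it (the context lines at the end of this hunk) still introduces an example that lets anyone in the <c>wheel</c> group execute <c>emerge</c>. A reader meets the warning and then an example of the very grant it warns about. Either tie the two together, for instance by stating in the following paragraph that the <c>wheel</c> example assumes those users are fully trusted, or switch the example to a command that cannot change the live file system. Two wording fixes in the added lines: "in the user his advantage" should read "to the user's advantage", and "A big warning is in place though" reads better as "A big warning is in order though". The paragraph also recommends a wrapper script without showing one; a short listing of a wrapper and the matching sudoers line would make the advice usable.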
59 --
60 gentoo-doc-cvs@g.o mailing list