| 1 |
On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote |
| 2 |
|
| 3 |
> This is all good and dandy, but letting user "nobody" read your |
| 4 |
> mail accoutn passwd may not be the safest approach to sending email |
| 5 |
> messages from your machine. |
| 6 |
|
| 7 |
I think you missed the point. The "NOPASSWD:" option means that this |
| 8 |
one particular user "nobody" ***DOES NOT NEED THE ROOT PASSWORD*** to |
| 9 |
execute this one particular command which normally requires "root" level |
| 10 |
privileges. I repeat, it has no need for the password. This is done |
| 11 |
with a sudoers entry like the following example. |
| 12 |
|
| 13 |
michael michaelsmachine = (root) NOPASSWD: /usr/sbin/nullmailer |
| 14 |
|
| 15 |
The only problem might be convincing your program that the mail |
| 16 |
command is... |
| 17 |
|
| 18 |
sudo /usr/sbin/nullmailer |
| 19 |
|
| 20 |
You can tell it to run a script that contains that command. Having |
| 21 |
passwords floating around on disk in clear text is a *BAD* idea. Some |
| 22 |
"user friendly distros", like Ubuntu, let you run *ANY* command as root |
| 23 |
if you prefix it with "sudo". That can be done with the keyword "ALL" |
| 24 |
|
| 25 |
michael michaelsmachine = (root) NOPASSWD: ALL |
| 26 |
|
| 27 |
I do not like it on general principle. It gives away the store as far |
| 28 |
as security is concerned. |
| 29 |
|
| 30 |
-- |
| 31 |
Walter Dnes <waltdnes@××××××××.org> |
| 32 |
I don't run "desktop environments"; I run useful applications |
Archives