1 |
Richard Fish schreef: |
2 |
> Holly Bostick wrote: |
3 |
> |
4 |
> |
5 |
>>Richard Fish schreef: |
6 |
>> |
7 |
>> |
8 |
>> |
9 |
>>>BTW Holly, |
10 |
>>> |
11 |
>>>You should recognize that from a security standpoint allowing yourself |
12 |
>>>to execute bash is really giving yourself "blanket permissions to sudo |
13 |
>>>to all commands". You might as well make life easier on yourself and |
14 |
>>>just make your sudo settings "ALL=(ALL) NOPASSWD: ALL". |
15 |
>>> |
16 |
>>>My $.02. |
17 |
>>> |
18 |
>>>-Richard |
19 |
>>> |
20 |
>>> |
21 |
>>> |
22 |
>> |
23 |
>>Thank you for the heads-up, Richard, but it would seem that that isn't |
24 |
>>quite true-- I did a test: |
25 |
>> |
26 |
>> |
27 |
>>sudo bash -c /etc/init.d/samba restart |
28 |
>> |
29 |
>> |
30 |
>> |
31 |
> |
32 |
> |
33 |
> Remember that the -c option for bash is a single argument, not the rest |
34 |
> of the line. The 'restart' is being seen as a separate argument to |
35 |
> bash, not as part of the command for bash to execute, if that makes any |
36 |
> sense! It will work if you do: |
37 |
> |
38 |
> sudo bash -c "/etc/init.d/samba restart" |
39 |
> |
40 |
> -Richard |
41 |
> |
42 |
|
43 |
So it will. Shoot. Oh, well. Maybe I'll rework this, or I should then |
44 |
ask for: |
45 |
|
46 |
1) firewall recommendations (personal, as the router has one too; atm |
47 |
I'm liking firestarter) |
48 |
|
49 |
2) anti-hacking monitors (other than chrootkit and rkhunter, if needed-- |
50 |
guess I'm thinking about keyloggers) |
51 |
|
52 |
? |
53 |
|
54 |
Holly |
55 |
-- |
56 |
gentoo-user@g.o mailing list |