Richard Fish wrote:
> BTW Holly,
>
> You should recognize that from a security standpoint allowing yourself
> to execute bash is really giving yourself "blanket permissions to sudo
> to all commands". You might as well make life easier on yourself and
> just make your sudo settings "ALL=(ALL) NOPASSWD: ALL".
>
> My $.02.
>
> -Richard
>

Thank you for the heads-up, Richard, but it would seem that that isn't
quite true-- I did a test:

sudo bash -c /etc/init.d/samba restart
Gentoo Linux RC-Scripts; http://www.gentoo.org/
Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL

Usage: samba < flags > [ options ]

Options:

In other words, I couldn't restart the Samba daemon, whereas when root I
can:

su
Wachtwoord:
wo 07/06/05 20:31 ~ root -> /etc/init.d/samba restart
 * samba -> stop: smbd ... [ ok ]
 * samba -> stop: nmbd ... [ ok ]
 * samba -> start: smbd ... [ ok ]
 * samba -> start: nmbd ... [ ok ]

So I think I'll pass on the ALL/ALL -- I know that this is not the most
secure setup possible (though as soon as I set up a personal firewall
behind the router's firewall and set up chrootkit, I'll feel yet better),
but still, I'd like to keep what minimal limits still exist, despite
having punched holes in them my own self.

Or is this not a valid proof that there are some limits left?

Holly

--
gentoo-user@gentoo.org mailing list
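
An added example, not part of either message: how a shell's -c option splits its arguments, which is what produces the usage text in the test above. The demo script is a constructed stand-in for an init script (not Gentoo's /etc/init.d/samba), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: shows which arguments reach a script started via "sh -c".
set -eu

# Prefer bash, as in the post; -c argument handling is the same in POSIX sh.
SH=$(command -v bash || command -v sh)

# Write a constructed stand-in "init script" that prints usage when it gets
# no arguments, and echoes the requested action otherwise.
make_demo_script() {
    demo=$(mktemp)
    cat > "$demo" <<'EOF'
#!/bin/sh
if [ $# -eq 0 ]; then
    echo "Usage: demo <command>"
else
    echo "running: $1"
fi
EOF
    chmod +x "$demo"
    echo "$demo"
}

# Form used in the post: only the first word after -c is the command string.
# "restart" becomes $0 of the inner shell and never reaches the script.
run_unquoted() { "$SH" -c "$1" restart; }

# Whole command line passed as one string: the script receives "restart".
run_quoted() { "$SH" -c "$1 restart"; }

# Where the stray word ends up in the unquoted form.
inner_arg0() { "$SH" -c 'echo "$0"' restart; }

script=$(make_demo_script)
echo "unquoted form : $(run_unquoted "$script")"
echo "quoted form   : $(run_quoted "$script")"
echo "inner \$0      : $(inner_arg0)"
rm -f "$script"
```

In both forms the script itself is executed by the shell that -c started, so it runs with whatever privileges that shell was given.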