swift       05/08/02 19:22:33

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  Trust your users or use a wrapper script instead of granting full access to 
tools that manipulate the system. Tx to ciaranm for reporting

Revision  Changes    Path
1.2       +12 -2     xml/htdocs/doc/en/sudo-guide.xml

file : 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : 
http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-guide.xml      2 Aug 2005 17:59:29 -0000       1.1
+++ sudo-guide.xml      2 Aug 2005 19:22:33 -0000       1.2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 
2005/08/02 17:59:29 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 
2005/08/02 19:22:33 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,7 +22,7 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.0</version>
+<version>1.1</version>
 <date>2005-08-02</date>
 
 <chapter>
@@ -126,6 +126,16 @@
 </pre>
 
 <p>
+A <brite>big warning</brite> is in place though: do not allow a user to run an
+application that can allow people to elevate privileges. For instance, allowing
+users to execute <c>emerge</c> as root can indeed grant them full root access 
+to the system because <c>emerge</c> can be manipulated to change the live file 
+system in the user his advantage. Trust your users, or use a <e>wrapper</e> 
+instead: a script that limits the use of the application to a known set of 
+safe instructions.
+</p>
+
+<p>
 The user name can also be substituted with a group name - in this case you 
should
 start the group name with a <c>%</c> sign. For instance, to allow any one in
 the <c>wheel</c> group to execute <c>emerge</c>:
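Review bot: the added warning singles out <c>emerge</c> as a command that effectively grants full root, yet the unchanged paragraph directly below it still uses "allow any one in the wheel group to execute emerge" as its example, so the guide now warns against the very rule it goes on to show. Either change that group example to a command that cannot alter the live file system, or say there that the rule amounts to giving the whole wheel group root. Within the added paragraph, "in the user his advantage" should read "to the user's advantage", and "an application that can allow people to elevate privileges" would be clearer as "an application that can be used to elevate privileges". The wrapper sentence would also be more useful if it said that the sudoers entry should then name the wrapper script rather than <c>emerge</c> itself.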


