Hello everyone, I just joined the gentoo-server mailing list yesterday. I've been semi-active in the Gentoo forums since 2003, though, so some of you might recognize me from there.

On Friday 13 October 2006 01:06, Christian Spoo wrote:
> Ricardo Loureiro wrote:
> > That works well, until the users type sudo bash like I saw many ppl
> > doing...
>
> Then you can restrict the commands your guys are allowed to execute.
> It's very easily handled in the sudoers file.
>
> In typical LAMP installations you could configure, separate DB admin,
> WWW admin, etc. and each one is only permitted to run a few commands.

sudo is all fine and dandy, but it's one of those tools which allow you to shoot yourself in the foot. The ability to give users root access to only a handful of commands is a blessing - then again, it's also a curse. There is shell escape functionality built in to many commands, and if some user has sudo access to such a command, it's easy to spawn a separate root shell from there.

Let's say your co-admins need to edit config files and they like to do it with vim, so you give them sudo access to vim. Well... just try what happens if you run "sudo vim" and give the :!bash command in vim. That leads to a root bash and a lost audit trail.

That's why I personally do not trust just sudo. If I really need a reliable audit trail, I'll use something like grsecurity audit groups instead.

Just something to think about. :-) Of course there are plenty of commands without external command support and most of the time sudo is secure enough.

--
[email protected] mailing list
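
Added example, not part of the original post or of sudo itself: a small sudoers check that flags the grants discussed in this thread (a shell, or a program such as vim that can start one) unless NOEXEC applies. The function name, the program lists and the sample entries are assumptions made for illustration; the parser only handles simple one-line user specifications, with no aliases or continuation lines.

```python
import os
import re
# Illustrative lists (assumptions, not exhaustive): shells, and programs
# that can start other programs from inside, like vim's :! command.
SHELLS = {"sh", "bash"}
ESCAPE_CAPABLE = {"vi", "vim", "less", "more", "man"}
SPEC = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit_sudoers(text):
    """Return (lineno, user, program, reason) for each risky grant."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SPEC.match(line)
        if not m or line.startswith(("#", "Defaults")) or m.group(1).endswith("_Alias"):
            continue
        user, noexec = m.group(1), False
        for item in m.group(2).split(","):
            item = item.strip()
            # Tags such as NOEXEC: carry over to later commands on the line.
            while (tag := TAG.match(item)):
                if tag.group(1) in ("NOEXEC", "EXEC"):
                    noexec = tag.group(1) == "NOEXEC"
                item = item[tag.end():]
            if not item:
                continue
            prog = os.path.basename(item.split()[0])
            if prog == "ALL":
                findings.append((lineno, user, prog, "any command, shells included"))
            elif prog in SHELLS:
                findings.append((lineno, user, prog, "direct root shell"))
            elif prog in ESCAPE_CAPABLE and not noexec:
                findings.append((lineno, user, prog, "shell escape; use sudoedit or NOEXEC"))
    return findings

# Constructed sample, not taken from any real system.
SAMPLE = """\
Defaults env_reset
alice ALL = /usr/bin/vim /etc/apache2/httpd.conf
bob   ALL = (root) NOPASSWD: /bin/bash
carol ALL = sudoedit /etc/mysql/my.cnf
dave  ALL = NOEXEC: /usr/bin/less /var/log/messages, /usr/bin/vim
erin  ALL = (ALL) ALL
"""

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print("line %d: %s -> %s: %s" % finding)
```

sudo's NOEXEC only affects dynamically linked programs, so sudoedit is the more reliable choice when the goal is just to let someone edit a file.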
