On 1/22/09 4:38 PM, John Summerfield wrote:
Larry Ploetz wrote:
Scott Rohling _/*DID NOT*/_ wrote:
If I must configure bind, maybe I need a text editor. If I can use a
text editor maybe I can edit /etc/sudoers
I said that
That's what sudoedit (not visudoers!) is for.
The point is that I can actually use any editor I like, so long as I get
it right. I have actually used at least one of ed, ex and sed, I edit it
in my kickstart %post section.
I may very well be missing the point entirely, but am trying to point
out that if anyone needs to be able to edit system (or other users')
configuration files, but should not become root to do so (so they can't
use shell escapes to run any command as root), sudoedit securely makes a
copy of the file(s) the sudo user is allowed to edit into /tmp, runs the
sudo user's editor-of-choice as the sudo user with no escalated
privileges, checks to see if any changes were made and if so, securely
copies the file back to the correct place -- no exposure WRT file
maintenance (of course, if you allow someone to sudoedit /etc/passwd,
/etc/shadow or /etc/sudoers you've got a Gaping Hole©, but that's not
sudoedit's fault, that's yours). Assuming sudo is properly configured to
allow the sudo user to run sudoedit, on the file(s) that user is
specifically allowed to edit (e.g., bind configuration).
--
<http://www.ciw.edu/> <http://www-ciwdpb.stanford.edu/>
<http://www.arabidopsis.org/>
Larry Ploetz
Systems Administrator
Carnegie Institution of Washington
Department of Plant Biology
The Arabidopsis Information Resource
650 325 1521 x 296 [email protected]
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
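
An added example, not part of the original message or of sudo itself: a small audit of sudoers rules for the two mistakes described above, an editor granted directly (so its shell escapes run as root) and sudoedit granted on /etc/passwd, /etc/shadow or /etc/sudoers. The user names, sample rules and the simplified one-line parsing are assumptions made for illustration.

```python
import re

# Constructed sample rules; users and paths are hypothetical, not from the thread.
SAMPLE_SUDOERS = """\
# DNS admins
alice  ALL = sudoedit /etc/named.conf, sudoedit /var/named/example.zone
bob    ALL = /usr/bin/vi /etc/named.conf
carol  ALL = (root) NOPASSWD: sudoedit /etc/sudoers
dave   ALL = /bin/ed /etc/named.conf, /usr/sbin/rndc reload
"""

# Editors with shell escapes: granted directly, the escape runs as root.
EDITORS = {"vi", "vim", "ed", "ex", "emacs"}
# Files the message calls out as a gaping hole if opened up to sudoedit.
SENSITIVE = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}
# Leading "(runas)" spec and tags such as "NOPASSWD:" in front of a command.
PREFIX = re.compile(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*")


def audit(text):
    """Return (line number, user, kind, detail) for each risky command grant."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        head = line.split(None, 1)[0] if line else ""
        # Simplification: only one-line user specs; skip Defaults and aliases.
        if "=" not in line or head.startswith("Defaults") or head.endswith("_Alias"):
            continue
        for cmd in line.split("=", 1)[1].split(","):
            argv = PREFIX.sub("", cmd).split()
            if not argv:
                continue
            if argv[0] == "sudoedit":
                # The editor runs unprivileged; the risk is which file is writable.
                for path in argv[1:]:
                    if path in SENSITIVE:
                        findings.append((lineno, head, "sensitive-sudoedit", path))
            elif argv[0].rsplit("/", 1)[-1] in EDITORS:
                findings.append((lineno, head, "editor-as-root", argv[0]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SUDOERS):
        print(*finding)
```

Rules that use aliases, line continuations or include files are outside what this sketch parses and need to be expanded first.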