Mailinglist Archive: opensuse (1264 mails)

< Previous Next >
[opensuse] Re: set owner + mode on dirs below a start (was Re: Quick question: how to call a script function from "find"?)
Carlos E. R. wrote:
On 2017-06-14 02:14, L A Walsh wrote:
Carlos E. R. wrote:


My sudoers file is edited to allow only specific commands.
---
Right -- so now you only need 1 line, versus the above
method requiring at least 2 lines.

Or, you could store a script in /usr/bin, that does your
xargs call. Then you can just permit the script.

-about running a shell script with the command in it?

Allowing a script in sudo is dangerous. It can be edited to anything.
----
Really? Try this on your system:

find /usr/sbin -maxdepth 1 -type f|wc -l
739
find /usr/sbin -maxdepth 1 -type f|xargs -n1 -P10 file |grep shell|wc -l
105
----
14% of the files in /usr/sbin are scripts on my system.

Are you saying they are all "dangerous"?
The percentage in /usr/bin is higher.

Of course scripts are NOT dangerous -- if they are
owned by root and not user-writeable, they are as
secure as binaries.

I gave you an example of 1 line that replaces multiple lines
and 1-sudo that replaces 2 or more. What's more secure --
1-command or multiple commands?

If you want more security, you reduce the number of places where
you use privilege.






--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups