On 06/06/2011 05:09 PM, Edwin Helbert Aponte Angarita wrote:
On Mon, 2011-06-06 at 14:25 -0700, John Andersen wrote:
And you must CLOSE/exit the first ssh session in order for the subsequent session to still have sudo rights. As Tejas points out (in another message) you need to snag the tty number. That's right. I had to close the first ssh session.
sudo itself provides a very simple way to deal with this "security hole". From the man page: -K The -K (sure kill) option is like -k except that it removes the user's timestamp entirely and may not be used in conjunction with a command or other option. This option does not require a password. -k When used by itself, the -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the Epoch. The next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file. So, "sudo -k" in the user's .lougout file ought to remove any lingering sudo rights. Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org