On 05/12/2019 10:03, David T-G wrote:
Anton, et al --
...and then Anton Aylward said...
%
% On 04/12/2019 16:58, Carlos E. R. wrote:
% >
% > find /data/storage_b/cer/Pictures /data/storage_b/cer/Pictures.tmp ...
% > -exec sudo setfacl -m g:users:r '{}' \;
% >
% > With corresponding sudoers file entries:
%
% OUCH OUCH OUCH!
%
% You've max-imalized when you could have minimized.
%
% Sudo at the 'find' level and you can get rid of the individual sudo.
% or just sudo the whole script.
True ... kinda. Recall that he wants to list commands explicitly, which would mean a really interesting sudoers line.
Meanwhile, putting on my Security Freak hat, I wonder if it's more secure to escalate for specific commands as Carlos has or to go ahead and run a single find as root and perhaps go where we shouldn't....
I look at it this way.
If he can edit the sudoers configuration file to set up all those individual
things then he can log in as root. GAME OVER as far as security is concerned.

https://www.michaelwlucas.com/nonfiction/sudo-mastery

Me? I'm a dinosaur, I'm in the 'wheel' group.
https://en.wikipedia.org/wiki/Wheel_(computing)
[now why it was 'big wheel' rather than 'big cheese' is anyone's guess]
https://access.redhat.com/discussions/1392033

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?
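
The trade-off discussed in this thread, as an added example that is not code from any of the posters: in both functions find itself runs unprivileged and only setfacl is escalated, once per file (`\;`, as in the quoted command) or in batches (`+`). `PRIV` and the function names are assumptions made for illustration; the dry run replaces the escalated command with `echo`, so nothing runs as root.

```shell
#!/bin/sh
# Added example, not from the thread. PRIV is a hypothetical variable holding
# the escalated command; its default is the setfacl call quoted in the thread.
PRIV=${PRIV:-"sudo setfacl -m g:users:r"}

# One escalation per file. find walks the tree with the caller's rights, and
# every match becomes a separate sudo run (and a separate sudo log entry).
# $PRIV is left unquoted on purpose so it splits into command and arguments.
acl_per_file() {
    find "$@" -exec $PRIV '{}' \;
}

# Same privilege boundary, but find hands many paths to each run, so there
# are far fewer escalations. The matching sudoers entry then has to accept a
# list of paths instead of a single one.
acl_batched() {
    find "$@" -exec $PRIV '{}' +
}

# Dry run: count how often the escalated command would be started.
# PRIV is swapped for "echo run", which prints one line per invocation
# (assumes file names without embedded newlines).
# usage: count_runs acl_per_file|acl_batched DIR [find tests...]
count_runs() {
    fn=$1
    shift
    ( PRIV="echo run"; "$fn" "$@" ) | wc -l | tr -d ' '
}
```

For example, `count_runs acl_batched /some/dir -type f` reports how many sudo runs a real pass would cause before anything is changed.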