On Thu, 2012-03-01 at 19:00 -0500, Patrick Shanahan wrote:
* Roger Oberholtzer <roger@opq.se> [03-01-12 02:40]:
On Thu, 2012-03-01 at 00:17 +0100, jdd wrote:
read man sudoer
See my earlier response to Patrick on this. sudo is all-or-nothing for the program. You cannot restrict a single program to a subset of root permissions. You get them all.
This is *not* so. Have you looked at /etc/sudoers?
Indeed I have. I even use it. We are defining 'command' differently. When discussing root permissions, I define commands at the OS level. read(2), write(2) and the like. In any running application, these are the things that will fail when permissions are inadequate. Unless the binary is read/execute only for root (oddly most are not), anyone can run a root application - up to where one of these system calls fails because of permissions.

sudo lets me run a complete binary application as a different user. If that user is root, then every system command in the binary gets root permissions. Not just a select set. As a result, you have to trust that the entire binary behaves itself. I think security guys are right in thinking this a bit of a risk.

I do not need global root access for all available system calls in an application to solve my issues. That is what sudo provides. Something along the line of 'capabilities' is more in line. I just need a select few things. I suspect that this is the case of many things being discussed.
<quote>
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
#                        /usr/bin/pkill, /usr/bin/top

##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/sbin/reboot !log_output

## In the default (unconfigured) configuration, sudo asks for the root
## password.
## This allows use of an ordinary user account for administration of a
## freshly
## installed system. When configuring sudo, delete the two
## following lines:
Defaults targetpw   # ask for the password of the target user i.e. root
ALL ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
</quote>
from the man page DESCRIPTION
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The real and effective uid and gid are set to match those of the target user, as specified in the password database, and the group vector is initialized based on the group database (unless the -P option was specified).
and users can be added to groups which have permissions to do *specific* things, ie: wheel, wwwrun
--
(paka)Patrick Shanahan
Plainfield, Indiana, USA
HOG # US1244711
http://wahoo.no-ip.org
Photo Album: http://wahoo.no-ip.org/gallery2
http://en.opensuse.org openSUSE Community Member
Registered Linux User #207535 @ http://linuxcounter.net
Yours sincerely,

Roger Oberholtzer
OPQ Systems / Ramböll RST
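
The difference discussed in this message, a binary run as root through sudo holding every capability versus one granted only a select few, can be read from the CapEff line of /proc/<pid>/status. The following is an added example, not part of the thread: the two status dumps, the tool name `mytool` and the NEEDED set are constructed, and the bit-to-name table follows linux/capability.h.

```python
import re

# Bit positions from <linux/capability.h>; list index == capability number.
CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config
mknod lease audit_write audit_control setfcap mac_override mac_admin syslog
wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore""".split()

# Constructed sample: tool started as root via sudo (full set, recent kernel).
SUDO_ROOT_STATUS = "Name:\tmytool\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
# Constructed sample: same tool run unprivileged with two capabilities granted.
CAPPED_STATUS = ("Name:\tmytool\nUid:\t1000\t1000\t1000\t1000\n"
                 "CapEff:\t0000000000800400\n")
# Hypothetical requirement: bind a low port and raise scheduling priority.
NEEDED = {"cap_net_bind_service", "cap_sys_nice"}

def effective_caps(status_text):
    """Decode the CapEff hex mask of a /proc/<pid>/status dump into names."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line found")
    mask, bit, caps = int(m.group(1), 16), 0, set()
    while mask:
        if mask & 1:
            # Bits newer than this table are reported by number.
            known = bit < len(CAP_NAMES)
            caps.add("cap_" + CAP_NAMES[bit] if known else "cap_%d" % bit)
        mask >>= 1
        bit += 1
    return caps

def excess(status_text, needed):
    """Capabilities the process holds beyond the ones it actually needs."""
    return effective_caps(status_text) - set(needed)

if __name__ == "__main__":
    for label, text in (("sudo", SUDO_ROOT_STATUS), ("capped", CAPPED_STATUS)):
        print("%-6s holds %2d capabilities, %2d beyond what is needed"
              % (label, len(effective_caps(text)), len(excess(text, NEEDED))))
    try:
        with open("/proc/self/status") as fh:   # Linux only
            print("this process:", sorted(effective_caps(fh.read())))
    except OSError:
        print("no /proc/self/status on this system")
```
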