On 06/07/2011 02:01 AM, Tejas Guruswamy wrote:
On 07/06/11 02:16, Jim Cunning wrote:
On 06/06/2011 05:09 PM, Edwin Helbert Aponte Angarita wrote:
On Mon, 2011-06-06 at 14:25 -0700, John Andersen wrote:
And you must CLOSE/exit the first ssh session in order for the subsequent session to still have sudo rights. As Tejas points out (in another message) you need to snag the tty number.

That's right. I had to close the first ssh session.

sudo itself provides a very simple way to deal with this "security hole". From the man page:
-K  The -K (sure kill) option is like -k except that it removes the user's timestamp entirely and may not be used in conjunction with a command or other option. This option does not require a password.

-k  When used by itself, the -k (kill) option to sudo invalidates the user's timestamp by setting the time on it to the Epoch. The next time sudo is run a password will be required. This option does not require a password and was added to allow a user to revoke sudo permissions from a .logout file.
So, "sudo -k" in the user's .logout file ought to remove any lingering sudo rights.
Jim
Though that removes sudo authorization from ALL running tty's, not only the one you just exited. YMMV
Tejas

Not true..........
'sudo -k' only sets the timestamp for the invoking tty to epoch. 'sudo -K' (note upper case) only REMOVES the timestamp for the invoking tty. Others remain.
Jim