[ale] sudo tricks and hints

Lightner, Jeff JLightner at dsservices.com
Thu Aug 14 08:42:08 EDT 2014


The reason the sudoers file exists IS to be "tinkered" with as necessary.

Use "visudo" to edit it though - that has a syntax checker built into it.  It also saves a copy of the original so you can go back to it if necessary.

The main thing is to make sure you are restricting things. If you're allowing access to scripts, especially make sure those are in a location and have permissions so that only root can modify them. It would be way too easy to add "bash" to the end of a script to make it give you a shell prompt as root. Similarly, don't ever give things like "sudo vi", as vi/vim can escape to the shell.

Also, although sudo itself runs as root, remember that some things do NOT need to run as root, so making sure you give access to other generic/admin setups might be the way to go. (E.g., tell it to run the command as the mysql user if what you're doing is mysql.)




-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Narahari 'n' Savitha
Sent: Wednesday, August 13, 2014 6:48 PM
To: Atlanta Linux Enthusiasts - Yes! We run Linux!
Subject: [ale] sudo tricks and hints

Friends:

I am trying to use sudo effectively. The scenario is I have a box where I can get super powers for the duration of a script running. It works OK, but what I have found is that I can put a <userid> in the sudoers file with permission to run any script(s) from a given folder. But that requires me to mod the sudoers file. Is there any other mechanism by which I can be granted the superpowers for a brief while and then have them taken away from me? I really don't like tinkering with the sudoers file.

-S
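
An added example, not part of the original messages: a shell check for the advice in the reply that a script allowed through sudo, and the directories holding it, be modifiable only by root. It assumes GNU stat and readlink; the function name, its optional uid and stop-directory arguments, and the sample path are hypothetical.

```bash
#!/bin/bash
# Added example: vet a script before granting it in sudoers.
# Uses GNU stat/readlink (Linux). TRUSTED_UID/STOP_DIR exist so the check can be
# exercised without root; in real use leave them at their defaults (0 and /).

# path_is_locked PATH [TRUSTED_UID] [STOP_DIR]
# Returns 0 only if PATH and every directory above it, up to STOP_DIR, is
# owned by TRUSTED_UID and has no group/other write bit. 1 = unsafe, 2 = error.
path_is_locked() {
    local p uid stop info owner mode
    uid=${2:-0}
    stop=${3:-/}
    # Resolve symlinks so the real file is checked, not a link pointing at it.
    p=$(readlink -f -- "$1") || return 2
    [ -e "$p" ] || return 2
    while :; do
        info=$(stat -c '%u %a' -- "$p") || return 2
        owner=${info% *}
        mode=${info#* }
        if [ "$owner" != "$uid" ]; then
            echo "UNSAFE: $p is owned by uid $owner, not $uid" >&2
            return 1
        fi
        # Octal mode: a 2, 3, 6 or 7 in the group or other digit means writable.
        case $mode in
            *[2367]?|*[2367])
                echo "UNSAFE: $p (mode $mode) is group/other writable" >&2
                return 1 ;;
        esac
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            return 0
        fi
        p=$(dirname -- "$p")
    done
}

# Usage: ./check.sh /usr/local/sbin/db-backup.sh   (hypothetical path)
if [ $# -gt 0 ]; then
    path_is_locked "$@" && echo "OK: only root can modify $1"
fi
```

The parent directories matter as much as the file: anyone who can write to a directory can replace the script inside it, whatever the script's own mode is.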