Re: [PLUG] AV software for Linux (sudo)

Dan Widyono on 14 Dec 2007 21:02:57 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] AV software for Linux (sudo)

From: Dan Widyono <dan@widyono.net>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] AV software for Linux (sudo)

Date: Fri, 14 Dec 2007 16:02:50 -0500

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: Mutt/1.4.1i

> Having said all of that, one of the tricky things with trying to > restrict users is that many tools have a way to "shell out" and get a > command prompt. So if I do not allow you to sudo foo, but I do allow > you to sudo vi, you can sudo vi, shell out and run foo anyway. JP's point is important, which is why there are versions of _some_ of the tools which restrict shelling out. E.g. rvim. Make sure you fully understand the command you are allowing users to sudo-run. I would never allow sudo emacs. That's... that's like asking... that's... It's just crazy, is what it is! Dan W. ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] AV software for Linux (sudo)
From: Art Alexion <art.alexion@verizon.net>

References:

Re: [PLUG] AV software for Linux (sudo)
From: JP Vossen <jp@jpsdomain.org>

Prev by Date: Re: [PLUG] AV software for Linux (sudo)

Next by Date: Re: [PLUG] Issues with Java/Tomcat on RedHat

Previous by thread: Re: [PLUG] AV software for Linux (sudo)

Next by thread: Re: [PLUG] AV software for Linux (sudo)

Index(es):

Date

Thread