Art Alexion on 17 Dec 2007 06:03:59 -0800 |
On Friday 14 December 2007 16:02:50 Dan Widyono wrote: > > Having said all of that, one of the tricky things with trying to > > restrict users is that many tools have a way to "shell out" and get a > > command prompt. So if I do not allow you to sudo foo, but I do allow > > you to sudo vi, you can sudo vi, shell out and run foo anyway. > > JP's point is important, which is why there are versions of _some_ of the > tools which restrict shelling out. E.g. rvim. Make sure you fully > understand the command you are allowing users to sudo-run. > > I would never allow sudo emacs. That's... that's like asking... that's... > > It's just crazy, is what it is! > With our users, the only thing they will have root access to is the latrine. Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|