Art Alexion on 17 Dec 2007 06:03:59 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] AV software for Linux (sudo)


On Friday 14 December 2007 16:02:50 Dan Widyono wrote:
> > Having said all of that, one of the tricky things with trying to
> > restrict users is that many tools have a way to "shell out" and get a
> > command prompt.  So if I do not allow you to sudo foo, but I do allow
> > you to sudo vi, you can sudo vi, shell out and run foo anyway.
>
> JP's point is important, which is why there are versions of _some_ of the
> tools which restrict shelling out.  E.g. rvim.  Make sure you fully
> understand the command you are allowing users to sudo-run.
>
> I would never allow sudo emacs.  That's... that's like asking... that's...
>
> It's just crazy, is what it is!
>

With our users, the only thing they will have root access to is the latrine.

Attachment: signature.asc
Description: This is a digitally signed message part.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug