Do you know where your variables are? | |
PerlMonks |
Re: Re: Re: Re: Executing Root Commands from user levelby arhuman (Vicar) |
on Jan 18, 2002 at 21:10 UTC ( [id://139868]=note: print w/replies, xml ) | Need Help?? |
Allowing Bob SUDO access to the box could be very very bad, if he truly is a problem. On the other hand, allowing Bob into the access group that can run the apache restart program via a suid bit, means that the only damage he can effectively do (besides erasing config files) is starting and stoping the web server; the rest of the box remains secure. Either I miss somthing either you ignore that sudo can be configured to grant precise/limited access to some prog.
Here I allow user1,user2,user3 (WEBMASTERS's sudo group) to use apachectl Here I allow user2,user3 (SYSADMINS's sudo group) to use the ueber-elite /bin/wiz command Here I allow user4 (DUMBUSERS's sudo group) to use the /bin/blah (I really don't trust him ;-) If an intruder compromise the user4 account he can't do more than executing /bin/blah. Sudo offer tons of other features (ask for passwd, execute under other UID...). You really should give it a try... "Only Bad Coders Code Badly In Perl" (OBC2BIP)
In Section
Seekers of Perl Wisdom
|
|