PerlMonks  

Re: Re: Re: qx//, ssh -t (pseudo-tty) and sudo

by Roger (Parson)
on Nov 12, 2003 at 01:13 UTC


in reply to Re: Re: qx//, ssh -t (pseudo-tty) and sudo
in thread qx//, ssh -t (pseudo-tty) and sudo

sudo is highly configurable as to which user/group can do what. You can fine-tune which user can do X, which group can do Y, etc.

Agreed, but once I convinced the system admin that I had to do sudo make to compile some program. Having obtained the sudo access, I made a simple Makefile that called a script that modified the sudoer file, and gave me total control of the system. :-)

Re: Re: Re: Re: qx//, ssh -t (pseudo-tty) and sudo
by shockme (Chaplain) on Nov 12, 2003 at 01:19 UTC
    Given that /etc/sudoers is supposed to be read-only (444), this smacks of an insecure installation.

    However, my point was not that sudo is perfection, only that it is far more preferable to allowing root access to ssh.

    If things get any worse, I'll have to ask you to stop helping me.

      Yes I agree with you that sudo is better than direct root access. And on my system I don't allow remote root login anyway.

      Given that /etc/sudoers is supposed to be read-only (444), this smacks of an insecure installation.

      Yes the /etc/sudoers file was read-only, but my script does -
          chmod u+w /etc/sudoers
          ... bits to modify my sudoers entry ...
          chmod u-w /etc/sudoers
      When I do a sudo make, *every* command inside the Makefile is automatically run with ROOT privileges, so there is no secure system when I can do "sudo make". :)

      (I know this is OT, but interesting to know and talk about. So one thing I never do is to give people sudo access on make)

        Okay, then your original statement (Roger thinks ssh->root is as secure/insecure as ssh->sudo.) is somewhat qualified. I can live with that. It was that statement that led to my original reply. They're not the same, and I think we've both made that clear.

        The end. ;)

        If things get any worse, I'll have to ask you to stop helping me.
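
The thread's point that a sudo grant on make is as good as root can be checked for in a sudoers file. The audit below is an added example, not part of any post in this thread; the program list, function names and sample rules are constructed assumptions, and the parser only handles simple rules with one Cmnd_Alias per line.

```python
import os
import re

# Assumption: short, non-exhaustive list of programs that execute commands
# chosen by the caller, so "sudo <program>" amounts to a root shell.
RUNS_ARBITRARY = {"make", "sh", "bash", "perl", "python", "vi", "vim", "find", "env"}
SKIP = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias", "Cmnd_Alias")

# Constructed sample rules, not taken from the thread.
SAMPLE = """\
Defaults env_reset
Cmnd_Alias BUILD = /usr/bin/make, /usr/bin/perl Makefile.PL
roger   ALL = (root) BUILD
ops     ALL = (root) NOPASSWD: /sbin/reboot, \\
              /sbin/shutdown -h now
admin   ALL = (ALL) ALL
"""

def split_cmnds(spec):
    """Split a command list, dropping (runas) lists and TAG: prefixes."""
    spec = re.sub(r"\([^)]*\)", " ", spec)
    spec = re.sub(r"\b[A-Z_]+:", " ", spec)
    return [c.strip() for c in spec.split(",") if c.strip()]

def audit_sudoers(text):
    """Return (user, command, reason) for each rule that is root-equivalent."""
    # Join backslash continuations, then drop blank and comment lines.
    lines = [l.strip() for l in text.replace("\\\n", " ").splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    aliases, findings = {}, []
    for l in lines:  # first pass: collect command aliases
        if l.startswith("Cmnd_Alias"):
            name, cmds = l[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = split_cmnds(cmds)
    for l in lines:  # second pass: user rules of the form "user host = commands"
        if l.startswith(SKIP) or "=" not in l:
            continue
        who, spec = l.split("=", 1)
        user = who.split()[0]
        for cmd in split_cmnds(spec):
            for c in aliases.get(cmd, [cmd]):
                if c.startswith("!"):  # negated entries grant nothing
                    continue
                prog = os.path.basename(c.split()[0])
                if c == "ALL":
                    findings.append((user, c, "unrestricted"))
                elif prog in RUNS_ARBITRARY:
                    findings.append((user, c, "runs caller-chosen commands"))
    return findings
```

On the sample, the make and perl entries behind the BUILD alias are reported for roger and the ALL rule for admin, while the fixed reboot and shutdown commands are not.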
