FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 08-30-2012, 11:48 PM
Kevin Chadwick
 
Default Sudo arch wiki

Cmnd_Alias EDITS
= /usr/bin/vim, /usr/bin/nano, /usr/bin/cat, /usr/bin/vi Cmnd_Alias
ARCHLINUX = /usr/sbin/gparted, /usr/bin/pacman, /usr/bin/pacman-color

root ALL = (ALL) ALL
USER_NAME ALL = (ALL) ALL, NOPASSWD: WHEELER, NOPASSWD: PROCESSES,
NOPASSWD: ARCHLINUX, NOPASSWD: EDITS




The arch wiki docs are usually very good but the sudo page is
dangerous.

The offered configs suggest adding editors to sudo when sudoedit should
only be added and only to a set file otherwise sudo is basically just
su and without a password in the example so suid all due to the user
being able to edit sudoers or escape the editor.

--
__________________________________________________ _____________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
__________________________________________________ _____________________
 
Old 08-30-2012, 11:53 PM
Allan McRae
 
Default Sudo arch wiki

On 31/08/12 09:48, Kevin Chadwick wrote:
> Cmnd_Alias EDITS
> = /usr/bin/vim, /usr/bin/nano, /usr/bin/cat, /usr/bin/vi Cmnd_Alias
> ARCHLINUX = /usr/sbin/gparted, /usr/bin/pacman, /usr/bin/pacman-color
>
> root ALL = (ALL) ALL
> USER_NAME ALL = (ALL) ALL, NOPASSWD: WHEELER, NOPASSWD: PROCESSES,
> NOPASSWD: ARCHLINUX, NOPASSWD: EDITS
>
>
>
>
> The arch wiki docs are usually very good but the sudo page is
> dangerous.
>
> The offered configs suggest adding editors to sudo when sudoedit should
> only be added and only to a set file otherwise sudo is basically just
> su and without a password in the example so suid all due to the user
> being able to edit sudoers or escape the editor.
>

It is a wiki. Edit it...
 
Old 08-31-2012, 09:09 AM
Kevin Chadwick
 
Default Sudo arch wiki

> > Cmnd_Alias EDITS
> > = /usr/bin/vim, /usr/bin/nano, /usr/bin/cat, /usr/bin/vi Cmnd_Alias
> > ARCHLINUX = /usr/sbin/gparted, /usr/bin/pacman, /usr/bin/pacman-color
> >
> > root ALL = (ALL) ALL
> > USER_NAME ALL = (ALL) ALL, NOPASSWD: WHEELER, NOPASSWD: PROCESSES,
> > NOPASSWD: ARCHLINUX, NOPASSWD: EDITS
> >
> >
> >
> >
> > The arch wiki docs are usually very good but the sudo page is
> > dangerous.
> >
> > The offered configs suggest adding editors to sudo when sudoedit should
> > only be added and only to a set file otherwise sudo is basically just
> > su and without a password in the example so suid all due to the user
> > being able to edit sudoers or escape the editor.
> >
>
> It is a wiki. Edit it...

Fair enough, I did look to but stopped at the need to register/login as
I often do on forums. Wikipedia doesn't require a login but I guess
they pay reviewers?

--
__________________________________________________ _____________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
__________________________________________________ _____________________
 

Thread Tools




All times are GMT. The time now is 06:29 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org