Re: Tool of Use to Unix WebCat Admins
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 36035
interpreted = N
texte = On 8/9/00 1:37 PM, John Peacock at JPeacock@UnivPress.com wrote:

> Sudo is a program designed to allow a sysadmin to give limited root
> privileges to users and log root activity. [...]

Sudo is a very handy tool but you have to be careful because it can be a security hole if you're not. For example, you don't want any of your sudoers to be able to run an editor as root, because many unix editors allow shell escapes, which would give the sudoer a root shell. Also, any sudoer has to be on guard against password compromise, more so than a regular user since anybody with their name and password can do any potentially destructive activities allowed by the sudoers file. Sudo's ALL=ALL directive is particularly dangerous since it practically makes a user with that attribute root. If you use sudo (read: if you provide shells to your customers at all), urge your users to use SSH or some other crypted protocol to start a shell session and be as strict as possible in defining permissions in the sudoers file. Start out with only a few privileges at first and keep everything else clamped down, then grant privileges only as needed.

Actually, it's best not to provide shell access in the first place unless it's unavoidable.

--
Andrew Vernon
avernon@dramatols.net

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://search.smithmicro.com/
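An added example (not part of the original message or of the list archive): a small Python check that scans sudoers-style user specifications for the two risks the message names, an unrestricted ALL command grant and editors or pagers that allow shell escapes. The sample entries, the user and host names, and the program list are constructed for illustration; aliases, includes and line continuations are not handled.

```python
import os
import re

# Programs with well-known shell escapes (illustrative list, not exhaustive).
SHELL_ESCAPE_PROGS = {"vi", "vim", "view", "ed", "ex", "emacs",
                      "nano", "pico", "less", "more", "man"}

# Constructed sample input, not taken from a real host.
SAMPLE_SUDOERS = """\
# constructed sample sudoers entries
root      ALL=(ALL) ALL
alice     ALL=(ALL) ALL
bob       web1 = /usr/bin/vi /etc/httpd/conf/httpd.conf, /sbin/service httpd restart
carol     web1 = NOPASSWD: /usr/bin/less /var/log/messages
dave      web1 = /usr/local/bin/rotate-logs
"""

# user  host-list = command-list
SPEC = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(.+)$")

def audit_sudoers(text):
    """Return (line_no, user, reason) for each risky user specification."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line or line.startswith("Defaults") or "_Alias" in line:
            continue                                 # aliases are not expanded here
        m = SPEC.match(line)
        if not m or m.group(1) == "root":
            continue
        user = m.group(1)
        cmds = re.sub(r"\([^)]*\)", "", m.group(3))  # strip (runas) specs
        for cmd in cmds.split(","):
            cmd = re.sub(r"^(?:[A-Z_]+:\s*)+", "", cmd.strip())  # strip tags
            if cmd == "ALL":
                findings.append((no, user, "may run any command: effectively root"))
            elif cmd and os.path.basename(cmd.split()[0]) in SHELL_ESCAPE_PROGS:
                findings.append((no, user, f"{cmd.split()[0]} allows shell escapes"))
    return findings

if __name__ == "__main__":
    for no, user, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {no}: {user}: {reason}")
```
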