tag:blogger.com,1999:blog-31663326.post6160330091558197570..comments2023-04-04T05:23:23.022-05:00Comments on DeBaan: sudo: sudoers examplesDeBaanhttp://www.blogger.com/profile/07091892819320024449noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-31663326.post-82933444709892170932011-02-11T10:30:36.995-06:002011-02-11T10:30:36.995-06:00Hi,
from the manpage is see something like this:
...Hi,<br /><br />from the manpage is see something like this:<br />SECURITY NOTES<br />It is generally not effective to ``subtract'' commands from ALL<br />using the '!' operator...<br /><br />For me sudo is for limiting internal users. So I use "!/path/to/bla" as well. In case of an unwanted user action, everything is logged and that helps much :-)<br /><br />Regards, Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-31663326.post-1780382879363018902010-11-18T11:41:40.562-06:002010-11-18T11:41:40.562-06:00If the goal is "least privilege", then w...If the goal is "least privilege", then we would only grant privileges to execute specific tasks; we would never grant "everything *but*". <br /><br />If we grant "everything *but*", then whatever we don't want the user to do, the user can copy that forbidden item to a new file or some such, and then execute it.<br /><br />I guess the ! could keep honest people Lanehttps://www.blogger.com/profile/13962800706242096612noreply@blogger.comtag:blogger.com,1999:blog-31663326.post-29871501132385196202009-02-19T12:03:00.000-06:002009-02-19T12:03:00.000-06:00I just ran across this post and wanted to point ou...I just ran across this post and wanted to point out that the example you found at http://www.gratisoft.us/sudo/sample.sudoers is exactly the same as the official sudoers example file http://www.sudo.ws/sudo/sample.sudoers.<BR/><BR/>Maybe you explain your problems with it to the sudo maintainers?Anonymousnoreply@blogger.com