On 06/14/2013 11:51 AM, Steven Stern wrote:
OK, let's now have some fun....
sudo cp /bin/bash /bin/mylocalshell
sudo mylocalshell
I know this is preventable, but it's something to think about. No one
should have sudo who you would not trust with root itself. sudo just
adds a layer of accountability.
AIUI, use of sudo is logged. if you want to limit the number of
suspicious entries, use this as the second command:
sudo chmod a+s /bin/mylocalshell
Unless my understanding of how that works is badly off (and if it is,
please let me know) mylocalshell now runs with root privileges by
default. No more need to use sudo and risk having somebody spot abuses
in a log. In fact, you can have your sudo privs revoked and still have
root access.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org