Re: change sudoers remotely

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Tim Dunphy wrote:
> hello list,
>
>  I've been asked to give someone sudo rights across an entire environment
> without the benefit of something like puppet or chef or cfengine et al.
>
> What I've come up with so far is this:
>
> ssh -t miaprbicsra04v sudo -S /bin/echo "rsherman ALL=\(ALL\) NOPASSWD:
> /sbin/service /bin/rm /usr/bin/du /bin/df" >> sudo tee /etc/sudoers

Bad admin. No coffee for you!

First, I would have listed the above as
> ssh -t <whatsit> sudo -S /bin/echo "<username> ALL=\(ALL\) NOPASSWD:
> /sbin/service /bin/rm /usr/bin/du /bin/df" >> sudo tee /etc/sudoers

Since doing what you did just told the world a username that they can try
to break in with.

Second, sudoers should ALWAYS be edited with visudo, and you might do a
here script....
<snip>
        mark


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux