Re: Giving full administrator privileges through sudo on production systems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Thu, Aug 29, 2019 at 6:05 PM Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx>
wrote:

>
>
> On 2019-08-29 10:53, Jonathan Billings wrote:
> > On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev wrote:
> >> root@point:/home/valeri # cd
> >> root@point:~ # whoami
> >> root
> >> root@point:~ # rm -rf /
> >> rm: "/" may not be removed
> >>
>

Sometimes the worst commands are those done not intentionally but due to
human error or underestimation: I remember one time on 1994 I executed
deltree  from c:\ on a Win 3.1 system and I had to reinstall the box...
perhaps a subliminal desire to install Linux...
So coming back to the initial question you can give sudo for all and the
user can be in / thinking to be in another directory and run a command like
$$$$ sudo find . -type f -exec rm -f {} \;
and the effects would not be nice at all
Or he/she can create a script that executes a change directory and then
remove/manipulate contents inside the destination directory and if he/she
doesn't test the return code of the "cd" command, and then actually the
removal actions will run from the current directory where the user is when
running the script...

Just to give two examples not to give unlimited / uncontrolled power to
anyone..

Gianluca
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux