Re: Wheel and YUM!!




Plant, Dean wrote:
I see you're trying to protect your users from becoming root. You do
realise that with that sudo configuration a user can still run "sudo
/bin/bash" or any of the other shells to gain root access.
Hi Dean,

I don't think that's correct. One of the purposes of the sudoers file is that you can limit users to specific programs, excluding them from others. This entry, which I just tested in my CentOS 5.2 box, allows the user tldap to use yum, but not /bin/bash:-
tldap   ALL=/usr/bin/yum

Here's what happens when I try sudo as user tldap:-
2.6.18-92.1.1.el5.centos.plusxen[tldap@www ~]$ sudo yum update
Loading "fastestmirror" plugin
Loading "priorities" plugin
Loading mirror speeds from cached hostfile
* base: rsync.atworks.co.jp
* updates: rsync.atworks.co.jp
* centosplus: mirror.exetel.com.au
* addons: mirror.exetel.com.au
* extras: mirror.exetel.com.au
0 packages excluded due to repository priority protections
Setting up Update Process
No Packages marked for Update
2.6.18-92.1.1.el5.centos.plusxen[tldap@www ~]$ sudo /bin/bash
Sorry, user tldap is not allowed to execute '/bin/bash' as root on www
2.6.18-92.1.1.el5.centos.plusxen[tldap@www ~]$

Cheers,

Ian
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
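
A simplified model of how a requested command is matched against the sudoers entry in the message above, added here as an example (not code from the thread or from sudo itself). It handles only plain `user host=command` entries and ignores the host field, aliases, tags, Runas specs, negation and wildcards; the `audit` rule and the function names are constructed for illustration.

```python
import shlex

# First rule is the entry from the message; the second is a constructed sample
# showing a rule that pins the command's arguments.
RULES = [
    "tldap   ALL=/usr/bin/yum",
    "audit   ALL=/usr/bin/yum list",
]

def parse_rule(line):
    """Split 'user host=cmd[, cmd...]' into (user, host, [command specs])."""
    who, _, cmds = line.partition("=")
    user, host = who.split()
    return user, host, [c.strip() for c in cmds.split(",") if c.strip()]

def spec_matches(spec, argv):
    """True if one command spec covers argv (argv[0] is a fully qualified path)."""
    if spec == "ALL":
        return True
    parts = shlex.split(spec)
    path, want = parts[0], parts[1:]
    if path.endswith("/"):
        # A directory spec covers files directly in it, not in sub-directories.
        rest = argv[0][len(path):]
        return argv[0].startswith(path) and rest != "" and "/" not in rest
    if path != argv[0]:
        return False
    if not want:
        return True                 # no arguments in the rule: any arguments pass
    if want == [""]:
        return len(argv) == 1       # "" in the rule: no arguments permitted
    return want == argv[1:]         # otherwise arguments must match exactly

def allowed(rules, user, argv):
    """Would `user` be permitted to run argv under these rules (host ignored)?"""
    for line in rules:
        r_user, _host, specs = parse_rule(line)
        if r_user in (user, "ALL") and any(spec_matches(s, argv) for s in specs):
            return True
    return False                    # nothing matched: sudo refuses by default

if __name__ == "__main__":
    for who, argv in [("tldap", ["/usr/bin/yum", "update"]),
                      ("tldap", ["/bin/bash"]),
                      ("audit", ["/usr/bin/yum", "update"])]:
        print(who, " ".join(argv), "->", "allowed" if allowed(RULES, who, argv) else "denied")
```

On a real system, `sudo -l -U tldap` run as root lists what the installed policy grants that user.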
