rename root

Simon Geard delgarde at ihug.co.nz
Thu Oct 18 03:07:49 PDT 2001


On Thursday 18 October 2001 04:34, Fabio Fracassi wrote:

> When dealing with security sensitive things one should always be very
> careful. Your examples above sound like very sloopy administration.

It does rather, doesn't it? Handy from a certain point of view though... if 
used with care, it lets me fix some of the small problems that would 
otherwise require getting help from the admins - killing some runaway 
processes, correcting incorrect file ownership and permissions. The latter 
has been quite common, owing to some mixed up umask settings on one of the 
sudo-run scripts - it's not so helpful, having our output files owned 
root, permissions 600.

> If you are not sure wether a program allows more then you intend it to,
> write a wrapper script (write protectet of course), that enforces your
> restrictions.

One more recent script does that - the path to it is hardcoded in to 
/etc/sudoers, rather than using $PATH.  It's essentially a switcher, which 
makes sure it's running as root (sudoing itself if needbe) then choosing the 
appropriate scripts to run. It's not perfect, but it's an improvement.

Simon.
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message



More information about the blfs-support mailing list