Date: Mon, 10 Dec 2001 08:18:34 -0800 From: Landon Stewart <landons@uniserve.com> To: Peter Pentchev <roam@ringlet.net>, Sheldon Hearn <sheldonh@starjuice.net> Cc: Ronan Lucio <ronan@melim.com.br>, security@freebsd.org Subject: Re: Accessing as root Message-ID: <5.1.0.14.0.20011210081655.02664e30@pop.uniserve.com> In-Reply-To: <20011210180639.J757@straylight.oblivion.bg> References: <60409.1008000194@axl.seasidesoftware.co.za> <60355.1008000080@axl.seasidesoftware.co.za> <60409.1008000194@axl.seasidesoftware.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
--=====================_258913658==_.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed At 06:06 PM 12/10/2001 +0200, Peter Pentchev wrote: >On Mon, Dec 10, 2001 at 06:03:14PM +0200, Sheldon Hearn wrote: > > > > > > On Mon, 10 Dec 2001 18:01:20 +0200, Sheldon Hearn wrote: > > > > > > I need to make some scripts to change the password and another > > > > things like that need root permissions, but: > > > > > > > > How can I do it without opening a security hole in the server? > > > > What is the best way to do it? > > > > > > 1) Limit exposure to just those commands that need privelege, by passing > > > your command as arguments to the su(1) command. > > > > This is stupid advice, sorry. > > > > You need to make your script setuid root (see chmod(1)). If the script > > is big, or does complex input handling, consider breaking out the part > > that needs privelege into its own smaller script, called by a wrapper > > that does input sanity checking. > > > > Ultimately, you want to limit the privelege to as little work as > > possible. > >And then, of course, there is the security/sudo port, which lets you >specify which uid's are allowed to execute which commands as root or >whatever other uid, with or without passwords, with or without controlling >terminals. Yes, sudo is definately the BEST bet IMHO. I would like to stress "execute *which* commands as root". You can actually specify what commands are allowed to be executed and optionally with what parameters. --- Landon Stewart Right of Use Disclaimer: "The sender intends this message for a specific recipient and, as it may contain information that is privileged or confidential, any use, dissemination, forwarding, or copying by anyone without permission from the sender is prohibited. Personal e-mail may contain views that are not necessarily those of the company." --=====================_258913658==_.ALT Content-Type: text/html; charset="us-ascii" <html> At 06:06 PM 12/10/2001 +0200, Peter Pentchev wrote:<br> <blockquote type=cite class=cite cite>On Mon, Dec 10, 2001 at 06:03:14PM +0200, Sheldon Hearn wrote:<br> > <br> > <br> > On Mon, 10 Dec 2001 18:01:20 +0200, Sheldon Hearn wrote:<br> > <br> > > > I need to make some scripts to change the password and another<br> > > > things like that need root permissions, but:<br> > > > <br> > > > How can I do it without opening a security hole in the server?<br> > > > What is the best way to do it?<br> > > <br> > > 1) Limit exposure to just those commands that need privelege, by passing<br> > > your command as arguments to the su(1) command.<br> > <br> > This is stupid advice, sorry.<br> > <br> > You need to make your script setuid root (see chmod(1)). If the script<br> > is big, or does complex input handling, consider breaking out the part<br> > that needs privelege into its own smaller script, called by a wrapper<br> > that does input sanity checking.<br> > <br> > Ultimately, you want to limit the privelege to as little work as<br> > possible.<br><br> And then, of course, there is the security/sudo port, which lets you<br> specify which uid's are allowed to execute which commands as root or<br> whatever other uid, with or without passwords, with or without controlling<br> terminals.</blockquote><br> Yes, sudo is definately the BEST bet IMHO. I would like to stress "execute *which* commands as root". You can actually specify what commands are allowed to be executed and optionally with what parameters.<br><br> <br><br> <x-sigsep><p></x-sigsep> <tt><font face="Courier New, Courier" color="#800080">---<br> </font><font face="Courier New CE, Courier" color="#0000FF">Landon Stewart<br><br> <br> </font><font face="Fixedsys" color="#C0C0C0">Right of Use Disclaimer:<br> "The sender intends this message for a specific recipient and, as it may contain information that is privileged or confidential, any use, dissemination, forwarding, or copying by anyone without permission from the sender is prohibited. Personal e-mail may contain views that are not necessarily those of the company."<br> </font></html> --=====================_258913658==_.ALT-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.1.0.14.0.20011210081655.02664e30>