Date: Fri, 30 Jul 1999 12:22:47 -0400 (EDT) From: x@asdf.com To: freebsd-questions@FreeBSD.ORG Subject: Re: how to watch the root user? or sudo security issue? Message-ID: <Pine.LNX.4.02A.9907301218430.13827-100000@cobalt.novagate.net> In-Reply-To: <Pine.BSF.4.05.9907191404520.331-100000@venus.GAIANET.NET>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 19 Jul 1999, Vincent Poy wrote: > On Mon, 19 Jul 1999, Ilia Chipitsine wrote: > > > look at the sudo program, it's in the ports collection. > > it has a configuration, which describes which user is allowed > > to do tasks as a root. > > > > but, once you gave somebody all the root's rights, it's not possible to > > watch what he/she did. > > > > do not allow 'sudo' for > > > > 1. cp > > 2. rm > > 3. dd > > 4. passwd > > 5. ? One thing I've noticed with sudo, if you give some access to pico or another editor via sudo they could just edit the sudoers file and give themselves whatever permissions they wanted to :-/ Not good. -Dan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.02A.9907301218430.13827-100000>