>
> Linux has sudo, Solaris has pfexec --however from what Sriram and Moinak
> say pfexec is far more secure then sudo so in Solaris use pfexec in Linux
> disable sudo!!
>
> Or alternatively in Linux don't use Ubuntu..... it does however make a nice
> desktop distro. Just can't stand the GUI apps on it, mind you I don't like
> RH GUI apps either that appear on CentOS and Fedora. I think that's one of
> the really strong points of Solaris that there aren't any GUI apps at least
> for 10... OSOL and other OSOL based distros a bit different but at heart
> they are all the same.
>
> --K
>
>
I had a nice time once because in Ubuntu you aren't asked to set password
for root while installing. It happened that I had not set a password on root
and a friend came who wished to call -
exec ("sudo touch /foo") from php. Now for this we needed to put www-data
(apache's user) user under sudoers list for sudo to work from webserver. So
carelessly, since I can sudo on a default Ubuntu install, I did something
like this -
ideamonk at rocksolid:/etc$ sudo chown 777 sudoers
ideamonk at rocksolid:/etc$ vim sudoers
ideamonk at rocksolid:/etc$ sudo ls
sudo: /etc/sudoers is owned by uid 777, should be 0
Segmentation fault
ideamonk at rocksolid:/etc$ sudo chmod 440 sudoers
sudo: /etc/sudoers is owned by uid 777, should be 0
Segmentation fault
Wooh! so now I can't do a sudo unless root comes and fixes permissions on
/etc/sudoers back to normal. Since I haven't set a root password yet, I
can't even do a su. That's where the GUI user manager in gnome came to use
and we got rid of the problem.
This case happens to be exclusive to distros that let user ignore root
password. Are there any serious flaws in sudo?
regards,
Abhishek Mishra
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/belenix-discuss/attachments/20091106/c4ae71ed/attachment.html>
