interesting indeed Does anyone have any experience with: http://freshmeat.net/projects/sudoscript/
On Fri, Jul 24, 2009 at 9:55 AM, Berthold Cogel<[email protected]> wrote: > Chris Davies schrieb: >> Berthold Cogel <[email protected]> wrote: >>> We're doing somthing like this in /etc/sudoers: >> >> >>> Cmnd_Alias SHELLS = /bin/sh, \ >>> /bin/bash, \ >> [...] >> >>> TRUSTED_USR ALL = NOPASSWD: ALL ,!SHELLS, NOROOT >> >> Surely this breaks trivially? >> >> ln -s /bin/bash /tmp/somethingelse >> sudo /tmp/somethingelse >> >> Chris >> >> > > Of course you're right... > > But in this case TRUSTED_USR means what it says... It's only to prevent > colleagues to shoot themselves. > > For the very special setup on some of our systems they need a lot of > permissions. But we don't want them do be root for some reasons. > Surely they can break the setup if they want. But they gain nothing if > they do. > > It's not a setup we make for every user. But it would be a waste to > define each single command in this case. If they really need to be root, > they can use sudosh. > > > Berthold > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
