On Thu, Oct 18, 2007 at 07:17:19PM +0100, Smylers wrote:
> Eric Wilhelm writes:
> > Yep. And if your sudoers file is more restrictive, you might have
> > something like this (relative paths aren't allowed in sudoers)
> > ewilhelm ALL=(ALL) NOPASSWD: /usr/bin/make install
> That does of course mean that any user can run any command at all as
> root, passwordlessly: all she has to do is create a makefile ...
> [this] isn't suitable in environments where the purpose of
> the sudoers restrictions is because you don't completely trust all of
> your users.
Nigh-on all useful applications (at least those of the sort you might
want someone to run using sudo) have some way of executing something
else or changing a file's contents. I treat sudo as a convenience for
trusted users, and nothing else. If I don't trust you, you don't get
sudo at all.
--
David Cantrell | Minister for Arbitrary Justice
fdisk format reinstall, doo-dah, doo-dah;
fdisk format reinstall, it's the Windows way
