On Thu, Oct 18, 2007 at 07:17:19PM +0100, Smylers wrote: > Eric Wilhelm writes: > > Yep. And if your sudoers file is more restrictive, you might have > > something like this (relative paths aren't allowed in sudoers) > > ewilhelm ALL=(ALL) NOPASSWD: /usr/bin/make install > That does of course mean that any user can run any command at all as > root, passwordlessly: all she has to do is create a makefile ... > [this] isn't suitable in environments where the purpose of > the sudoers restrictions is because you don't completely trust all of > your users.
Nigh-on all useful applications (at least those of the sort you might want someone to run using sudo) have some way of executing something else or changing a file's contents. I treat sudo as a convenience for trusted users, and nothing else. If I don't trust you, you don't get sudo at all. -- David Cantrell | Minister for Arbitrary Justice fdisk format reinstall, doo-dah, doo-dah; fdisk format reinstall, it's the Windows way