sudo Runas_Spec?

Tom Buskey tom at buskey.name
Wed Jul 16 12:20:54 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



pll at lanminds.com wrote:
| Hi,
|
| Anyone ever configure sudo to allow one user to run commands as
| another user?  Currently I have sudo set up, but I want to allow the
| users to run:
|
| 	$ sudo -u foo command
|
| rather than:
|
| 	$ sudo su - user
| 	$ command

Well, you could wrap su - user command in a shell script they're allowed
to run.

| The caveat is that I need to be able to state that eligible users are
| contained within an NIS netgroup.
|

So all someone needs to circumvent your sudo security is to setup a fake
NIS server that responds quicker then the real one with them in the
right netgroups.  This isn't that hard nowadays....

Why not use /etc/group instead?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/FXtm2qRYRRBv/+IRAoCFAJ9UlIEvEGn7MW8aDAbGCWLkLxM0XACfVeD3
C9YXnm9zx7L0FezlwMT6E8s=
=4/RR
-----END PGP SIGNATURE-----




More information about the gnhlug-discuss mailing list