sudo Runas_Spec?
Tom Buskey
tom at buskey.name
Wed Jul 16 12:20:54 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
pll at lanminds.com wrote:
| Hi,
|
| Anyone ever configure sudo to allow one user to run commands as
| another user? Currently I have sudo set up, but I want to allow the
| users to run:
|
| $ sudo -u foo command
|
| rather than:
|
| $ sudo su - user
| $ command
Well, you could wrap su - user command in a shell script they're allowed
to run.
| The caveat is that I need to be able to state that eligible users are
| contained within an NIS netgroup.
|
So all someone needs to circumvent your sudo security is to setup a fake
NIS server that responds quicker then the real one with them in the
right netgroups. This isn't that hard nowadays....
Why not use /etc/group instead?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/FXtm2qRYRRBv/+IRAoCFAJ9UlIEvEGn7MW8aDAbGCWLkLxM0XACfVeD3
C9YXnm9zx7L0FezlwMT6E8s=
=4/RR
-----END PGP SIGNATURE-----
More information about the gnhlug-discuss
mailing list