sudo Runas_Spec?

pll at lanminds.com pll at lanminds.com
Wed Jul 16 12:26:50 EDT 2003


In a message dated: Wed, 16 Jul 2003 12:20:54 EDT
Tom Buskey said:

>Well, you could wrap su - user command in a shell script they're allowed
>to run.

More work than I care to undertake.  It's for ClearCase :)

>So all someone needs to circumvent your sudo security is to setup a fake
>NIS server that responds quicker then the real one with them in the
>right netgroups.  This isn't that hard nowadays....

If someone wants to circumvent security here, setting up a fake NIS 
server it way too much work.  There are far easier ways around here :)
(there is no security, telnet is openly used and recommended.)

>Why not use /etc/group instead?

A. Everyone is already in the netgroup.
B. I don't care
C. I'm getting laid off in 2 weeks at which point there'll be an SEP 
   field surrounding this issue :)
-- 

Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!





More information about the gnhlug-discuss mailing list