Re: Sudo question

From: John Jolet (john.jolet@FXFN.COM)
Date: Mon Apr 19 2004 - 10:20:28 EDT


um, in what way does giving someone "view" with sudo allow overwrite of ANYTHING? maybe use less or more?

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
Holger.VanKoll@SWISSCOM.COM
Sent: Monday, April 19, 2004 8:33 AM
To: aix-l@Princeton.EDU
Subject: Re: Sudo question

looks dangerous to me

letting him do view as root will let him overwrite everything in that
dir, even with Rsh (not rsh!)
with a bit of knowledge he can also overwrite/read everything else

i would let him copy this file to his homedir with sudo; then he can
view it there

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Miller, Dave (I.S.)
Sent: Monday, April 19, 2004 3:21 PM
To: aix-l@Princeton.EDU
Subject: Re: Sudo question

Thanks I'll look into rsh.
My original intent/question more specifically was to be able to allow
them to

cd /home/webserver/logs
ls
view somelog.file

Thanks.

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Holger.VanKoll@SWISSCOM.COM
Sent: Monday, April 19, 2004 9:09 AM
To: aix-l@Princeton.EDU
Subject: Re: Sudo question

I doubt the original poster only wants to allow a "cd". That's pointless.
If we knew what shall be achieved, we could help better.

Meanwhile here is some guessing; allow sudo to call a restricted shell.
man Rsh

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Bill Thompson
Sent: Saturday, April 17, 2004 4:53 PM
To: aix-l@Princeton.EDU
Subject: Re: Sudo question

While "sudo sh" will work be aware that this will give the user running
this command full root access. He/she will be in a shell as
root - very dangerous.

sudo is a great tool for allowing access to commands a user does not
normally have rights to run but it does not replace Unix
permissions. i.e.: user "A" needs to be able to edit all of the files in
directory /foo/bar however, these files are owned by root.
There is no easy way to get sudo to do this. You would think configuring
something along the lines of "/bin/vi /foo/bar/*" would be
the answer and this will allow the user to edit said files, but it will
also allow the user to edit ANY file on the system. e.g.:
"sudo /bin/vi /foo/bar/../../etc/sudoers" will work just fine!

If anybody knows of a good way to do this (other than a wrapper script)
please share. I'd be very interested in seeing how other
people have solved this problem.

Bill Thompson
Sr UNIX Systems Administrator
The Goodyear Tire & Rubber Co.

Contains Confidential and/or Proprietary Information
May Not Be Copied or Disseminated Without Express Consent of The
Goodyear Tire & Rubber Company.

AIX-L Archives: http://marc.theaimsgroup.com/?l=aix-l&r=1&w=2
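
Added example, not part of the original thread and not sudo's own code: the first function shows why the "/bin/vi /foo/bar/*" rule from Bill Thompson's message also accepts "/foo/bar/../../etc/sudoers", and the second is the canonical-path check a wrapper script would make before opening the file. The function names and the temporary directory tree standing in for /foo/bar and /etc/sudoers are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example. Function names and the constructed demo tree are assumptions.

# sudo matches wildcards in command *arguments* like this shell pattern:
# '*' also matches '/', so "/foo/bar/*" accepts "/foo/bar/../../etc/sudoers".
sudoers_arg_matches() {   # usage: sudoers_arg_matches PATTERN ARG
    case $2 in $1) return 0 ;; *) return 1 ;; esac
}

# Print the physical path of a directory (symlinks and ".." resolved).
physical_dir() {
    ( cd -P -- "$1" 2>/dev/null && pwd -P )
}

# Print the canonical path of FILE only if it is a regular, non-symlink
# file located under BASE; return 1 otherwise.
resolve_under() {         # usage: resolve_under BASE FILE
    base=$(physical_dir "$1") || return 1
    dir=$(physical_dir "$(dirname -- "$2")") || return 1
    file=$(basename -- "$2")
    case $file in .|..|/) return 1 ;; esac
    case $dir/ in "$base"/*) ;; *) return 1 ;; esac   # must stay inside BASE
    [ -L "$dir/$file" ] && return 1                   # symlink could point out
    [ -f "$dir/$file" ] || return 1
    printf '%s\n' "$dir/$file"
}

# Demo on a constructed tree standing in for /foo/bar and /etc/sudoers.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/foo/bar" "$t/etc"
    : > "$t/foo/bar/access.log"; : > "$t/etc/sudoers"
    for arg in "$t/foo/bar/access.log" "$t/foo/bar/../../etc/sudoers"; do
        sudoers_arg_matches "$t/foo/bar/*" "$arg" && m=matches || m=no-match
        resolve_under "$t/foo/bar" "$arg" >/dev/null && v=allowed || v=refused
        printf '%s\n  wildcard: %s, canonical check: %s\n' "$arg" "$m" "$v"
    done
    rm -rf "$t"
}
demo
```

A wrapper built on this would hand the resolved path to a non-interactive reader such as cat rather than to view, which addresses the overwrite concern raised earlier in the thread.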

----- Original Message -----
From: "Michael Cheselka" <cheselka@LINUX.CACTUS.ORG>
Newsgroups: bit.listserv.aix-l
To: <aix-l@Princeton.EDU>
Sent: Saturday, April 17, 2004 10:04 AM
Subject: Re: Sudo question

> No, sudo sets up a sub-shell, executes the command (in this case
> "cd"), and then exits upon the command's completion.
>
> You might want to sudo a shell ("sudo csh" or "sudo sh") and then cd
> while in the new shell or create a shell script and do the same thing
> in the script.
>
> On Fri, Apr 16, 2004 at 02:02:03PM -0400, Miller, Dave (I.S.) wrote:
> > When I allow someone to cd /some/directory as root, with sudo, it
> > takes the command, but
> > Does not make that directory current....Is there a way to do that?
> >
> > Thanks.
> --
> Michael R. M. Cheselka ryoohki@ryoohki.org
> Itsu Made Mo "Love & Peace" ryoohki@spymac.com
> http://www.cactus.org/~cheselka cheselka@cactus.org



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:50 EDT