[sudo-users] Distributing the sudoers file using rsync as a non root user

Martin Schröder ms at artcom-gmbh.de
Fri Oct 1 03:49:14 EDT 2004

On 2004-09-30 21:00:43 -0700, Paul M. Lambert wrote:
> >This can be controlled a bit by setting options in 
> >~/.ssh/authorized_keys
> authorized_keys can only control what command is run.  in this case, 
> that command is rsync, and it can write to any file it has write 
> privileges to.  running it as root gives it write privileges to every 
> file, so it can essentially do anything it wants.

But authorized_keys can control the hosts which are allowed to login
with a key and can diable any interactive shell-access for a key.
This still allows writes with rsync from these hosts; but they can
be trusted not to do this.

Best regards
               Martin Schröder, ms at artcom-gmbh.de
     ArtCom GmbH, Lise-Meitner-Str 5, 28359 Bremen, Germany
          Voice +49 421 20419-44 / Fax +49 421 20419-10

More information about the sudo-users mailing list