[sudo-users] possible sudo bug?
Russell Van Tassell
russell+sudo-users at loosenut.com
Tue Nov 20 20:46:52 EST 2007
Yep, I hear ya... but, as a UN*X admin myself, I'd look at removing "other"
or "world" perms as completely eliminating anyone but user/groups from
access... you could always change the group on the directory.
And yeah, from the production stand-point, it sort of sucks to worry
about what might have broken... but as with any core utility, I'd expect
complete regression testing or at least a QA/testing/staging environment
where you'd mirror production as closely as possible before deployment...
but, well, that's just my approach.
On Wed, Nov 21, 2007 at 12:11:31PM +1100, Wing Ho Tang wrote:
> I totally agree that execute permissions alone is adequate.. but this is how the guys who look after the app have setup there permissions...
> its only failed on this PROD system cos on every other system they have execute set for other!
> For some reason they wanted more security on PROD, hence the execute bit for other was not set and sudo was happy.. but it ain't happy no more.. :(
> ah well.. I told them they'll just have to live with the execute bit on other..
> My concern is that other stuff configured in a similar way may break without us knowing...grrr...
Russell M. Van Tassell
russell at loosenut.com
"It's just the age It's just a stage We disengage We turn the page
Every day we're standing in a time capsule" - N. Peart
More information about the sudo-users