[sudo-users] possible sudo bug?

Russell Van Tassell russell+sudo-users at loosenut.com
Tue Nov 20 20:46:52 EST 2007


Yep, I hear ya... but, as a UN*X admin myself, I'd look at removing "other"
or "world" perms as completely eliminating anyone but user/groups from
access... you could always change the group on the directory.

And yeah, from the production stand-point, it sort of sucks to worry
about what might have broken... but as with any core utility, I'd expect
complete regression testing or at least a QA/testing/staging environment
where you'd mirror production as closely as possible before deployment...
but, well, that's just my approach.

On Wed, Nov 21, 2007 at 12:11:31PM +1100, Wing Ho Tang wrote:
> 
> I totally agree that execute permissions alone is adequate.. but this is how the guys who look after the app have setup there permissions... 
> its only failed on this PROD system cos on every other system they have execute set for other!
> For some reason they wanted more security on PROD, hence the execute bit for other was not set and sudo was happy.. but it ain't happy no more.. :(  
> ah well.. I told them they'll just have to live with the execute bit on other.. 
> My concern is that other stuff configured in a similar way may break without us knowing...grrr...
> 
> cheers,
> wing

-- 
Russell M. Van Tassell
russell at loosenut.com

"It's just the age It's just a stage We disengage We turn the page
 Every day we're standing in a time capsule"                  - N. Peart



More information about the sudo-users mailing list