[sudo-users] sudo configuration

dave.parson at daimler.com dave.parson at daimler.com
Tue Oct 7 18:28:23 EDT 2008


Give out 'only' what they need to do.  We have a rule.  if you can't tell 
us what you want or need to run as root,  then you don't need root (read 
this as you don't know what your doing)  The best model is to give them 
"only" what they need and go from there - don't start will (all) and try 
to take it away - that is not very secure and someone is going to have an 
easier time finding a work around.

That said, I don't know your situation, but I would think that if they 
have root (all)  this means they are already a system administrator and 
not a user or app support person.





jakrainer at yahoo.com 
Sent by: sudo-users-bounces at courtesan.com
10/07/2008 01:51 PM

To
sudo-users at sudo.ws
cc

Subject
[sudo-users] sudo configuration






Hello everyone,
What would be the best way to avoid an user from executing the following 
commands:

sudo /bin/ln -s /usr/bin/su sap_file
sudo ./sap_file - 

and get root access on a AIX server.
I´m using sudo 1.6.9.17

Thanks in advance,

Jackson


      Novos endereços, o Yahoo! que você conhece. Crie um email novo com a 
sua cara @ymail.com ou @rocketmail.com.
http://br.new.mail.yahoo.com/addresses
____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users



If you are not the intended addressee, please inform us immediately that you have received this e-mail in error, and delete it. We thank you for your cooperation.  


More information about the sudo-users mailing list