[sudo-users] mysqldump without sh -c ?
Jordi Espasa Clofent
jespasac at minibofh.org
Wed Aug 12 11:53:24 EDT 2009
Todd C. Miller escribió:
> If the only reason you are using sudo for this is to write to
> /parh/backup_db/backup.sql, why not just make the file (or directory)
> writable by a group that the support people are in? Then you
> wouldn't need to use sudo at all...
>
> - todd
Yes.
My main problem is I've configured sudo to allow all and restrict only
some commands, and the more secure (and correct) policy should be to
deny all by default and allow the needed commands only. I'm working on
this now.
--
Thanks,
Jordi Espasa Clofent
More information about the sudo-users
mailing list