[sudo-users] Installing Application without full sudo privilege

Asif Iqbal vadud3 at gmail.com
Mon Feb 16 16:15:20 EST 2009


On Sun, Feb 15, 2009 at 8:57 PM, Matthew Hannigan <mlh at zip.com.au> wrote:
> On Fri, Feb 13, 2009 at 12:16:11PM -0800, Russell Van Tassell wrote:
>>
>> [Removing sudo-workers, again, as this isn't a "code" issue]
>>
>> On Fri, Feb 13, 2009 at 02:57:38PM -0500, Asif Iqbal wrote:
>> > On Fri, Feb 13, 2009 at 2:56 PM, Makarand Dongare <mmdongare at gmail.com> wrote:
>> > > Just use root.sh without complete path as the oracle dba will need to
>> > > cd to the path and run as sudo ./root.sh. This way it should work
>> > > fine.
>> >
>> > very good idea !!
>>
>> Not sure I understand what you're getting at, here... but you'll still
>> need the absolute path in the sudoers file, AFAIK.
>>
>> Getting back to the alias idea, I generally create Cmnd_Aliases in the
>> sudoers file for "all" the paths they'll ever need.  So, in the current
>> example, I'd do something such as:
>>
>> Host_Alias NET_10_8       =   10.0.0.0/255.0.0.0
>> User_Alias ORACLE_ADMIN   =   %oracle
>> Cmnd_Alias ORACLE_ROOT_SH =   /opt/oracle/bin/root.sh, \
>>                               /usr/local/oracle/bin/root.sh
>>
>> ORACLE_ADMIN NET_10_8 = (oracle) ORACLE_ROOT_SH
>
> This is better but implies you (the sysadmin) will have to maintain root.sh.
> That implies reviewing it and possibly reinstalling for every new version of
> Oracle at least.  You might need multiple versions.
>
> Even then it will give you a false sense of security.  I can see
> a few places in root.sh that could be exploited to give the
> person who runs it extra privileges.  It uses backticks and unquoted
> variables as well as trusting its environment to a scertain degree.
> It also invokes non-root owned sub programs.
>
> You probably have to rewrite it partly to make it secure and yet make it
> compatible enough with the vendor version.  This is a significant
> responsibility for the sysadmin!
>
> The proper solution to this mess is to have Oracle simplify and improve their
> installation procedure.

Agreed!

>
> Currently either sysadmin has to trust their DBA (at least for the duration
> of the install) or the sysadmin has to run root.sh for them.  Even here the

I will monitor the checksum of the file using our monitoring tool which is on a
remote box

> sysadmin has to eyeball the script and check his environment and the programs
> it calls in turn beforehand.
>
>
>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



More information about the sudo-users mailing list