[sudo-users] I need help with sudoers..

Tue Jan 27 17:18:28 EST 2009

That is exactly what I said... Thanks again..
Someone posed a bash shell that actually logs.. I cannot trace that email anymore...

Does anyone remember what that is?

-----Original Message-----
From: Russell Van Tassell [mailto:russell+sudo-users at loosenut.com]
Sent: Monday, January 26, 2009 3:07 PM
To: Manjunatha, Jamuna
Cc: Pidugu Vijaya; Radesh_Singh at ml.com; sudo-users at sudo.ws
Subject: Re: [sudo-users] I need help with sudoers..

It should be mentioned that there are alternatives to sudoshell, such as
osh... they're all third party projects, as far as I know, though.

Ideally, however, in my opinion it's often better to try to force "a
culture change" with how people use sudo... you should prevent access to
commands like "su" or anything where a shell can easily be obtained,
then ask folks to simple preface "sudo" on commands that need elevated
privileges.

Yes, this tends to complicate the sudoers file a bit, and some would say
increases maintenance on it.  However, when you need to give basic users
some extra power without sacrificing overall host security, I believe
the benefits outweigh the shortcomings (and after a while, your sudoers
file will be built up nicely and really not require that much in the way
of changes and/or additions).

On Sun, Jan 25, 2009 at 12:22:21PM -0500, Manjunatha, Jamuna wrote:
> Yes, agreed...
>
> That is the only best option..
>
> Thanks a lot!!!
>
> ________________________________
>
> From: Pidugu Vijaya [mailto:Vijaya.Pidugu at sig.com]
> Sent: Sun 1/25/2009 9:11 AM
> To: Manjunatha, Jamuna; 'Radesh_Singh at ml.com'; 'sudo-users at sudo.ws'
> Subject: Re: [sudo-users] I need help with sudoers..
>
>
> You cannot do this.  The only way to achieve this is by forcing the user to use sudo in front of every command he or she needs to run as root.  For that you have to prevent the user from getting root shell which is pretty easy!
>
>
> ----- Original Message -----
> From: sudo-users-bounces at courtesan.com <sudo-users-bounces at courtesan.com>
> To: Singh, Radesh (GTS) <Radesh_Singh at ml.com>; sudo-users at sudo.ws <sudo-users at sudo.ws>
> Sent: Fri Jan 23 15:13:24 2009
> Subject: Re: [sudo-users] I need help with sudoers..
>
> I tried this, but I have linux so no luck...
>
> [...]
>
> -----Original Message-----
> From: Manjunatha, Jamuna [mailto:Jamuna.Manjunatha at ironmountain.com]
> Sent: Thursday, January 22, 2009 12:41 PM
> To: Singh, Radesh (GTS); sudo-users at sudo.ws
> Subject: RE: [sudo-users] I need help with sudoers..
>
> [What changes I need to make in the /etc/sudoers file??]
>
> -----Original Message-----
> From: Singh, Radesh (GTS) [mailto:Radesh_Singh at ml.com]
> Sent: Thursday, January 22, 2009 12:39 PM
> To: Manjunatha, Jamuna; sudo-users at sudo.ws
> Subject: RE: [sudo-users] I need help with sudoers..
>
> [sudoshell]
>
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com
> Sent: Wednesday, January 21, 2009 12:06 PM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] I need help with sudoers..
>
> Hi all,
>
>
>
> I am trying to setup a sudo..
>
> [How do I log commands from a shell?]

--
Russell M. Van Tassell
russell at loosenut.com

"Quick to judge, Quick to anger, slow to understand. Ignorance and
 prejudice and fear walk hand in hand."                       - N. Peart

IMPORTANT: The information contained in this email and/or its attachments is confidential. If you are not the intended recipient, please notify the sender immediately by reply and immediately delete this message and all its attachments. Any review, use, reproduction, disclosure or dissemination of this message or any attachment by an unintended recipient is strictly prohibited. Neither this message nor any attachment is intended as or should be construed as an offer, solicitation or recommendation to buy or sell any security or other financial instrument. Neither the sender, his or her employer nor any of their respective affiliates makes any warranties as to the completeness or accuracy of any of the information contained herein or that this message or any of its attachments is free of viruses.