[sudo-users] Fwd: File owners and sudo execution ?
Aaron Lewis
the.warl0ck.1989 at gmail.com
Sun Apr 3 20:18:48 EDT 2011
Forgot to CC ...
On 19:50 Sun 03 Apr , slawek at lach.art.pl wrote:
> On Sunday, 3 April 2011 at 16:24:52 Aaron Lewis wrote:
> > On 16:14 Sun 03 Apr , slawek at lach.art.pl wrote:
> > > On Sunday, 3 April 2011 at 10:07:05 Aaron Lewis wrote:
> > > > Hi,
> > > >
> > > > Does sudo support the following feature?
> > > > If target file is now owned by a specific user, deny executing or
> > > > ask for user password.
> > > >
> > > > Many thanks.
> > >
> > > I suggest rather creating a sandbox tool that allows supporting this.
> > > To support this feature, sudo should better understand command line
> > > invocation.
> >
> > Sorry, didn't realize that I made a typo. I just want sudo to make
> > sure the target file is owned by root; if not, deny executing if possible.
> >
> > ( it's "not" not "now" in my last mail )
> >
> > What do you think ?
>
> Did you mean the executable as target? That's a fine idea.

Yes, it is. If the target file is owned by that user, sudo
should not execute it, because that is equivalent to owning a root shell.
E.g. if user alex is allowed to execute /usr/local/bin/shell, and alex can
modify /usr/local/bin/shell, then he owns the system, not so cool.
--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
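
The check discussed in this thread can be run as an audit outside sudo. The following is an added example, not part of the original message and not sudo's own code: it flags a command path if the file or any directory above it is owned by a non-root user or is group/world-writable. The function names `judge` and `audit_command` are hypothetical.

```python
import os
import stat
import sys


def judge(path, uid, mode, trusted_uids=(0,)):
    """Reasons why one file or directory can be altered by an untrusted user."""
    reasons = []
    if uid not in trusted_uids:
        reasons.append(f"{path}: owned by uid {uid}")
    writable = mode & (stat.S_IWGRP | stat.S_IWOTH)
    # In a sticky directory (e.g. /tmp) only an entry's owner, the directory's
    # owner or root can rename or delete it, so write access there cannot
    # replace a root-owned entry.
    sticky_dir = stat.S_ISDIR(mode) and mode & stat.S_ISVTX
    if writable and not sticky_dir:
        reasons.append(f"{path}: group/world-writable (mode {stat.S_IMODE(mode):o})")
    return reasons


def audit_command(path, trusted_uids=(0,)):
    """Check the command and every directory above it, up to /."""
    reasons = []
    current = os.path.realpath(path)  # judge the file that would actually run
    while True:
        st = os.stat(current)
        reasons += judge(current, st.st_uid, st.st_mode, trusted_uids)
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return reasons
        current = parent


if __name__ == "__main__":
    # Pass the command paths from your sudoers entries as arguments; the
    # default is the path used as the example in the thread.
    status = 0
    for cmd in sys.argv[1:] or ["/usr/local/bin/shell"]:
        try:
            problems = audit_command(cmd)
        except OSError as exc:
            problems = [f"{cmd}: cannot stat ({exc.strerror})"]
        for line in problems:
            print("UNSAFE", line)
        status |= bool(problems)
    sys.exit(status)
```

POSIX ACLs and symlinked directories along the original path are not inspected; only the resolved path is checked.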