[sudo-users] /bin/bash in sudoers allows root access to a user????

Martin, Denis (Consultant) dmartin at cdpq.com
Thu Jun 6 14:15:27 MDT 2019


Hi all,

I came across a strange behavior of sudo.

We have created an account for Rapid7 Nexpose software to allow it to
scan our machines for vulnerabilities as well as CIS security.

The software needs to have access to multiple commands with root
privileges. To do so, we have added the commands to our sudoers file.
While doing some troubleshooting for another thing I issued "sudo -i"
using that account instead of mine and got stunned when I got access to
the root account!

All our other sudo users don't have access to root by issuing "sudo
-i". I looked in the sudoers file to find what was specific to that
user and found that the command "/bin/bash" is THE ONE giving root
access to that user as well as to the other users that are part of the
same group. I confirmed this by removing that command from the sudoers
file and noticed that root access is no longer granted to that user.

Why does including "/bin/bash" in the sudoers file allow root access
with "sudo -i"???

"/bin/sh" and "/bin/ksh" don't allow it...

Thanks, have a great day!

Thank you and...

Have a nice day!

Vacation alert: please note that I will be on vacation from June 22 to
July 2 inclusive.
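
An added example, not part of the original post and not code from the sudo project: `sudo -i` runs the target user's login shell from the password database, and the sudoers policy has to permit that shell as a command, so a sudoers entry for root's shell also permits `sudo -i`. The audit below flags such entries. It assumes a simplified sudoers syntax (no aliases, includes or line continuations) and root as the target user; the sample file and the `%scanners` and `auditor` names are constructed.

```python
import re

# Shells to flag even when they are not root's login shell (assumed list).
KNOWN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/ksh", "/bin/zsh", "/bin/dash"}

# Constructed sample input, not the poster's real files.
SUDOERS = """\
# scanner account rules
Defaults env_reset
%scanners ALL=(root) NOPASSWD: /usr/sbin/dmidecode, /bin/bash, /usr/bin/lsof
auditor ALL=(root) /bin/ksh
"""
PASSWD = "root:x:0:0:root:/root:/bin/bash\n"


def login_shell(passwd_text, user="root"):
    """Return the login shell field for `user` from passwd-format text."""
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7 and fields[0] == user:
            return fields[6]
    return None


def audit_sudoers(sudoers_text, passwd_text):
    """Return (line_no, who, command, reason) for entries that grant a shell."""
    root_shell = login_shell(passwd_text)
    findings = []
    for no, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        left, right = line.split("=", 1)
        who = left.split()[0]
        right = re.sub(r"\([^)]*\)", "", right)  # drop (runas) specs
        for spec in right.split(","):
            spec = re.sub(r"^\s*(?:[A-Z_]+:\s*)*", "", spec).strip()  # drop tags
            if not spec or spec.startswith("!"):
                continue
            path = spec.split()[0]
            if path == root_shell:
                findings.append((no, who, path, "root login shell: sudo -i allowed"))
            elif path in KNOWN_SHELLS:
                findings.append((no, who, path, "shell runnable as root"))
    return findings


if __name__ == "__main__":
    for finding in audit_sudoers(SUDOERS, PASSWD):
        print(finding)
```

On a real host, `sudo -l -U <account>` lists the commands the policy grants to an account and is the authoritative check; the script is only a quick screen over the file text.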

