visudo enhancement to edit-syntax-check arbitrary files
William R. Ward
bill at wards.net
Fri Dec 14 13:08:06 EST 2001
Todd C. Miller writes:
>In message <15385.45506.461372.951014 at komodo.home.wards.net>
> so spake (bill):
>
>> My understanding is that visudo requires you to already be root. I
>> think that it is important to have the editor *not* run as uid 0 due
>> to the fact that you can launch sub-processes, edit other files, etc.
>> See the CAVEATS section in the man page for visudo.
>
>I see no point in running visudo as a uid other than 0 since if
>you can edit sudoers, you can grant yourself permission to run
>whatever you like.
I think you may have been confused by the fact that two different
proposals for similar things arrived at the same time.
I am referring to the idea of using sudo to grant permission to edit
files *other* than sudoers, such as /etc/aliases.
--Bill.
--
William R Ward bill at wards.net http://www.wards.net/~bill/
-----------------------------------------------------------------------------
If you're not part of the solution, you're part of the precipitate.
More information about the sudo-workers
mailing list