[sudo-workers] [sudo-users] Installing Application without fullsudo privilege

Olvera Peralta Edgar Alfredo edgar.olvera at bbva.bancomer.com
Fri Feb 13 13:24:07 EST 2009


>From a security point of view that's not recommended. Someone could
create a malicious script called "root.sh" in any directory and you'd be
allowing to run it as root. That is a serious risk.

Regards,
Edgar Olvera

-----Mensaje original-----
De: sudo-workers-bounces at courtesan.com
[mailto:sudo-workers-bounces at courtesan.com] En nombre de Asif Iqbal
Enviado el: Viernes, 13 de Febrero de 2009 11:17 a.m.
Para: Makarand Dongare
CC: sudo-users at sudo.ws; sudo-workers at sudo.ws
Asunto: Re: [sudo-workers] [sudo-users] Installing Application without
fullsudo privilege

On Fri, Feb 13, 2009 at 11:43 AM, Makarand Dongare <mmdongare at gmail.com>
wrote:
> First thing is that Oracle does not need to be installed as root.
> There are couple of scripts that need to be run as rootpre.sh or
> root.sh. Once you do that for app team, they do not need root access
> for anything.
> If you want to give them root access to run those scripts then give it
as below:
>
> oracle servername=(root) full-path-for-command

What if the path name is differnet for different env? Can I do it like
this /*/root.sh for path?

>
> Hope this helps.
>
> Makarand Dongare
>
>
> On 2/13/09, Asif Iqbal <vadud3 at gmail.com> wrote:
>> Hi All
>>
>> My application team needs to install Oracle on hosts. They are asking
>> for full sudo privilege, so that they can install app as root.
>>
>> Is there a lesser privilege that you can suggest then
>>   user ALL=(ALL) ALL
>>
>> Thanks
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>> ____________________________________________________________
>> sudo-users mailing list <sudo-users at sudo.ws>
>> For list information, options, or to unsubscribe, visit:
>> http://www.sudo.ws/mailman/listinfo/sudo-users
>>
>



-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
____________________________________________________________ 
sudo-workers mailing list <sudo-workers at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-workers



More information about the sudo-workers mailing list