Wanted: interesting sudoers

[jrm@]

Michael Lucas is writing another book. This time it's about sudo and he's looking for input.

 

[SirDice]

Don't allow vi(1) or less(1).

Both have an option to spawn a shell, giving someone full root access :e

 

[Crest]

@SirDice: So do many other useful programs.

 

[SirDice]

Indeed. This is fairly stupid too:

cp /usr/local/* /usr/local/*
chmod * /usr/local/*
chown * /usr/local/*

They allow me to create an SUID root shell in /usr/local/. Those wildcards are funky too

sudoedit /usr/local/*

This allows me to edit /etc/rc.conf by doing sudoedit /usr/local/../../etc/rc.conf

I've had to deal with "high" security systems and they put things like that in the sudoers. I was usually able to break out after looking at sudo -l for 5 minutes :e

 

[marwis]

Indeed. This is fairly stupid too:

cp /usr/local/* /usr/local/*
chmod * /usr/local/*
chown * /usr/local/*

I don't get this. What does it do? Thanks.

 

[throAU]

IMHO, restricting root permissions with sudo is a bit broken.

My only use for sudo is to give multiple users root access without needing to divulge the root password and tell everybody who needs root the new root password when someone leaves and it is re-set.

Sure you can attempt to limit what people can do with sudo but as above, there are many ways to shoot yourself in the foot. Policy here (small team) is basically that you are either given full root permission or not, and if allowed to run sudo at all, it is against any command, including su. The use of sudo here is purely so you don't need to know the root password, which is periodically reset and kept for use only when the machine needs to be run in single user mode.

 

[SirDice]

I don't get this. What does it do? Thanks.

They're commands I was allowed to run with sudo. But the wildcards allowed for a lot more than they intended.

 

[throAU]

I'm guessing it's because * includes ../ along with ../../sbin (etc.), right?

 

[SirDice]

I'm guesing it's because * includes ../ along with ../../sbin (etc.), right?

Yep.

 

[DutchDaemon]

The only way I ever used sudo to give selective root permissions to others was through tightly controlled scripts in one directory, which were named individually in sudoers. Anything started from those scripts had discreet and finite flags (ended with '--'). I would never hand out wholesale sudo rights or even direct rights to anything in the system directories. At least wrap your shell around it with all kinds of safeguards (e.g.: if you allow editing, make sure the script creates backups and diffs) and carefully choose the options you hand out.

 

[chatwizrd]

It's simple don't use it. I don't see why a book needs to be written about that.

 

[cpm@]

It's worth reading with all due respect to the Godmother of UNIX Admins, Remembering Evi Nemeth: The woman that saved "sudo".

 

[kpa]

In my opinion sudo is a flawed attempt at addressing a fundamental problem with the UNIX permissions and users system. There should never be a need to have a separate root user if it was done properly with capabilities and ACLs that control what a user can do and can not.