implicate_order 2006-07-21, 7:24 pm

> And how exactly would prevent that someone from just opening
> /etc/sudoers from vi which is running as root?

That is true -- one could easily open the sudoers file and change it.
Unless of course you didn't allow "shell escapes" through sudo vi and
prevented "vi /etc/sudoers" in the sudoers file.

> It seems highly questionable why to use sudo at all when standard
> unix permissions will allow to do that easily?

While that may be true, it was an "academic" exercise to see whether
sudo can be used to prevent shell escapes (which is what someone had
said cannot be done).

> Extra points for writing a 5-10 line shell script you can run
> from sudo deleting or adding one entry to /etc/hosts.

IMHO, if sudo can be locked down properly, it's a very decent tool to
enforce limited/restricted privileged functionality.
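
The quoted challenge above (a short script run from sudo that adds or deletes one /etc/hosts entry) could look like the following. This is an added example, not code posted in the thread; the function names, the script path and the user in the sudoers comment are assumptions. Because the privileged command is a fixed-purpose script rather than an editor, there is no shell escape or arbitrary file open to restrict.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be the only command a sudoers
# rule grants, e.g. (hypothetical user and path):
#   alice ALL = (root) /usr/local/sbin/hostsedit
HOSTS_FILE=/etc/hosts   # fixed path: never taken from arguments or environment

# Dotted-quad IPv4 only, each octet 0-255.
valid_ip() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Hostname characters only; rejects spaces, newlines, '#' and leading '-' or '.'.
valid_name() {
    case "$1" in ""|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;; esac
}

hosts_add() {  # hosts_add IP NAME -> 0 added, 2 bad input, 3 name already present
    valid_ip "$1" && valid_name "$2" || return 2
    # Refuse a name that already appears on a non-comment line.
    if awk -v n="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if (($i "") == (n "")) f = 1 }
                      END { exit !f }' "$HOSTS_FILE"; then
        return 3
    fi
    printf '%s\t%s\n' "$1" "$2" >> "$HOSTS_FILE"
}

hosts_del() {  # hosts_del IP NAME -> removes only lines that are exactly "IP NAME"
    valid_ip "$1" && valid_name "$2" || return 2
    tmp=$(mktemp) || return 1
    # Filter into a temp file, then write back in place to keep owner and mode.
    awk -v ip="$1" -v n="$2" '!(NF == 2 && $1 == ip && ($2 "") == (n ""))' \
        "$HOSTS_FILE" > "$tmp" && cat "$tmp" > "$HOSTS_FILE"
    rc=$?; rm -f "$tmp"; return $rc
}

main() {
    case "$1" in
        add) hosts_add "$2" "$3" ;;
        del) hosts_del "$2" "$3" ;;
        *)   echo "usage: $0 add|del IP NAME" >&2; return 64 ;;
    esac
}
[ "$#" -eq 0 ] || main "$@"
```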