[arch-general] Sudo arch wiki
Cmnd_Alias EDITS = /usr/bin/vim, /usr/bin/nano, /usr/bin/cat, /usr/bin/vi Cmnd_Alias ARCHLINUX = /usr/sbin/gparted, /usr/bin/pacman, /usr/bin/pacman-color root ALL = (ALL) ALL USER_NAME ALL = (ALL) ALL, NOPASSWD: WHEELER, NOPASSWD: PROCESSES, NOPASSWD: ARCHLINUX, NOPASSWD: EDITS The arch wiki docs are usually very good but the sudo page is dangerous. The offered configs suggest adding editors to sudo when sudoedit should only be added and only to a set file otherwise sudo is basically just su and without a password in the example so suid all due to the user being able to edit sudoers or escape the editor. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________
On 31/08/12 09:48, Kevin Chadwick wrote:
Cmnd_Alias EDITS = /usr/bin/vim, /usr/bin/nano, /usr/bin/cat, /usr/bin/vi Cmnd_Alias ARCHLINUX = /usr/sbin/gparted, /usr/bin/pacman, /usr/bin/pacman-color
root ALL = (ALL) ALL USER_NAME ALL = (ALL) ALL, NOPASSWD: WHEELER, NOPASSWD: PROCESSES, NOPASSWD: ARCHLINUX, NOPASSWD: EDITS
The arch wiki docs are usually very good but the sudo page is dangerous.
The offered configs suggest adding editors to sudo when sudoedit should only be added and only to a set file otherwise sudo is basically just su and without a password in the example so suid all due to the user being able to edit sudoers or escape the editor.
It is a wiki. Edit it...
Cmnd_Alias EDITS = /usr/bin/vim, /usr/bin/nano, /usr/bin/cat, /usr/bin/vi Cmnd_Alias ARCHLINUX = /usr/sbin/gparted, /usr/bin/pacman, /usr/bin/pacman-color
root ALL = (ALL) ALL USER_NAME ALL = (ALL) ALL, NOPASSWD: WHEELER, NOPASSWD: PROCESSES, NOPASSWD: ARCHLINUX, NOPASSWD: EDITS
The arch wiki docs are usually very good but the sudo page is dangerous.
The offered configs suggest adding editors to sudo when sudoedit should only be added and only to a set file otherwise sudo is basically just su and without a password in the example so suid all due to the user being able to edit sudoers or escape the editor.
It is a wiki. Edit it...
Fair enough, I did look to but stopped at the need to register/login as I often do on forums. Wikipedia doesn't require a login but I guess they pay reviewers? -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________
participants (2)
-
Allan McRae
-
Kevin Chadwick