List Info

Thread: Restricting Sudo - Shall I write a spec
Restricting Sudo - Shall I write a spec
country flaguser name
United Kingdom		 2007-02-10 02:12:37 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I've been thinking recently that Ubuntu is too permissive
out of the box
with regard to configuration of sudo. Would it be better for
each of the
admin tools that are installed in the basic install to
add/remove
themselves from a list of "authorised" sudo tools
in their
postinstall/prerm scripts?

I can write up a spec on Launchpad if people are interested
in the idea
 (I think I have access anyway), couldn't find an existing
one there.
Obviously it's a bit more complex than described above ;)

Apologies if there is a better place to have asked for this,
just didn't
want to go to the effort of writing the spec if nobody is
interested.

	Mark.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


iD8DBQFFzX51O5n4za5gggkRAvWQAJ92TbF9KiY8ccAg8gnI+sEJ2XGztQCd
FI84
FW/8P6YGD29TOoGuQ9dEELQ=
=ul9o
-----END PGP SIGNATURE-----

-- 
ubuntu-devel mailing list
ubuntu-devellists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Restricting Sudo - Shall I write a spec
country flaguser name
Germany		 2007-03-07 04:53:33 
On Sat, Feb 10, 2007 at 08:12:37AM +0000, Mark Syms wrote:
> I've been thinking recently that Ubuntu is too
permissive out of the
> box with regard to configuration of sudo. Would it be
better for each
> of the admin tools that are installed in the basic
install to
> add/remove themselves from a list of
"authorised" sudo tools in their
> postinstall/prerm scripts?

Could you give an example of something that is currently
allowed, but
you feel shouldn't be?

-- 
| Soren Hansen    | Linux2Go                  | http://Linux2Go.dk/ |
| Seniorkonsulent | Lindholmsvej 42, 2. TH    | +45 46 90 26
42     |
| shlinux2go.dk  | 9400 Norresundby, Denmark | GPG key:
E8BDA4E3   |

-- 
ubuntu-devel mailing list
ubuntu-devellists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
Re: Restricting Sudo - Shall I write a spec
user name
 2007-03-07 10:49:18 
On Sat, Feb 10, 2007 at 08:12:37AM +0000, Mark Syms wrote:
> Hi all,
> 
> I've been thinking recently that Ubuntu is too
permissive out of the box
> with regard to configuration of sudo. Would it be
better for each of the
> admin tools that are installed in the basic install to
add/remove
> themselves from a list of "authorised" sudo
tools in their
> postinstall/prerm scripts?

As sudo is, by default, the only way to obtain root
privileges, restricting
it to certain commands would make it impossible to, e.g.,
run a shell as
root, something which users expect to be able to do.

-- 
 - mdz

-- 
ubuntu-devel mailing list
ubuntu-devellists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )