From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2010-November/000493.html | 102 ++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2010-November/000493.html (limited to 'zarb-ml/mageia-sysadm/2010-November/000493.html') diff --git a/zarb-ml/mageia-sysadm/2010-November/000493.html b/zarb-ml/mageia-sysadm/2010-November/000493.html new file mode 100644 index 000000000..ab0586eea --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000493.html @@ -0,0 +1,102 @@ + + + + [Mageia-sysadm] Usernames, uids, and groups + + + + + + + + + +

[Mageia-sysadm] Usernames, uids, and groups

+ nicolas vigier + boklm at mars-attacks.org +
+ Wed Nov 10 18:54:01 CET 2010 +

+
+ +
On Wed, 10 Nov 2010, Luca Berra wrote:
+
+> On Wed, Nov 10, 2010 at 06:25:38PM +0100, nicolas vigier wrote:
+>> On Wed, 10 Nov 2010, Luca Berra wrote:
+>>
+>>> On Wed, Nov 10, 2010 at 01:32:47PM +0100, Michael Scherer wrote:
+>>>> Le mercredi 10 novembre 2010 à 11:55 +0100, nicolas vigier a écrit :
+>>>>> On Wed, 10 Nov 2010, Luca Berra wrote:
+>>>>>
+>>>>> > 2) Accountability. No idea in France, but here system administratros
+>>>>> > need to be accounted (*).
+>>>>>
+>>>>> When someone runs "sudo su -" or something equivalent there is no
+>>>>> accountability on what he did after that.
+>>>>
+>>>> Even more cunning, emacs or vim can run process ( except that vim has a
+>>>> mode where it can prevent it with -Z, do not know for emacs ).
+>>>
+>>> it is better to use sudoedit for editing files, it will copy the
+>>> original file to a temporary copy, revert to caller uid, let user edit
+>>> the file, and move it into place afterwards.
+>>
+>> Unless the list of files you are allowed to edit is very limited, it is
+>> very easy to open a root shell by editing a config file.
+> not with sudoedit
+
+With sudoedit too. Many config files are shell scripts or perl scripts
+that you can edit to run other commands. Many config files also contain
+paths for programs, libraries or plugins, environement variables or
+other things that you can use to run anything you want. So unless you
+can edit only a very limited number of files, there are many ways to
+open a root shell.
+
+>>> another options is using noexec (sudo will preload a shlib overriding
+>>> exec calls)
+>>
+>> But you have an editor running as root, and you can then edit any file.
+> the idea is that the editor runs as unprivileged user
+
+I was talking about noexec option here.
+
+
+ + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
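Review bot: The header block at the top of the new 000493.html keeps the poster's address as "boklm at mars-attacks.org", which is only an " at " substitution and is trivially reversible; once committed, it stays in repository history even if the served archive is scrubbed later. If this import is meant to be public, consider stripping addresses from the archive pages before adding them, or say in the commit message that they are kept on purpose. The commit message is also subject-only ("Add zarb MLs html archives"): for an imported archive file it would help to record where the zarb archive was taken from and how the HTML was produced, so the import can be reproduced or compared against its source later.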