[CentOS] Wheel and YUM!!
Eric DuToit
edutoit at gipnetworks.com
Fri Jun 27 16:38:23 UTC 2008
In a flurry of recycled electrons Plant, Dean wrote:
> All my
> sudoers lines that call groups like he was trying to do always have a
> !SU, !SHELLS to specifically deny root access.
>
> Anyway I will shut up now as none of this will help fix his problem.
If you ever grant someone ALL commands and then try and restrict them from
getting a root shell your fighting a loosing battle. Vi/Vim as root can bang
out to a root shell, more can bang out to a root shell, and what's to stop
someone from writing a shell script and executing it as root?
You may already have this covered and I'm not directing this specifically at
your post, but I've seen some really poorly written sudoers files that open up
huge holes.
I know this isn't contributing either so I'm going to lunch!
More information about the CentOS
mailing list