Secure remote shell

Eric Crist mnslinky at
Fri Nov 30 05:41:47 PST 2007

On Nov 29, 2007, at 1:37 AM, Steve Bertrand wrote:


> A legitimate question:
> If I add user 'www' to 'sudoers' with the ability to run adduser, does
> that not give user 'www' the ability to put the added user in a group,
> perhaps wheel?
> If said commands are passed via 'user' to web browser to web server, run
> within context of the web server user, and web server user has sudo
> rights to the remote box, does that not mean that the server is
> essentially 'executing user input'?

Not if you use the right commands and configure the sudo stuff  
correctly.  Since this is scripted, you can easily force a very  
specific set of commands on the script, and specifically omit the  
groups you do not want.

man sudo is your friend.

Eric F Crist
Secure Computing Networks
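
One way to apply the approach described in the reply above, as an added example that is not part of the original thread: 'www' is allowed through sudo to run a single root-owned wrapper, and the wrapper accepts only a validated login name while the group and shell are fixed inside it. The wrapper path, the group name `webusers` and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper, installed root-owned and not writable by www,
# e.g. /usr/local/sbin/provision-user (path is an assumption).
# sudoers entry (edit with visudo) letting www run this and nothing else:
#   www ALL=(root) NOPASSWD: /usr/local/sbin/provision-user
LC_ALL=C; export LC_ALL                      # make [a-z] mean ASCII only
PATH=/sbin:/bin:/usr/sbin:/usr/bin; export PATH

FIXED_GROUP=webusers            # assumed unprivileged group; never wheel
FIXED_SHELL=/usr/sbin/nologin   # accounts created here get no login shell

# Accept 1-16 characters: a lowercase letter first, then [a-z0-9_-].
# A leading '-' is refused, so the name can never be read as an option.
valid_username() {
    [ "$#" -eq 1 ] || return 1
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 16 ] || return 1
    case "$1" in
        [a-z]*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# The caller supplies the login name only; every other argument is fixed.
provision_user() {
    if [ "$#" -ne 1 ] || ! valid_username "$1"; then
        echo "usage: provision-user <login>" >&2
        return 64
    fi
    set -- pw useradd -n "$1" -g "$FIXED_GROUP" -s "$FIXED_SHELL" -m
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"               # show the command without running it
    else
        "$@"
    fi
}

if [ "$#" -gt 0 ]; then
    provision_user "$@"
fi
```

The web application would call `sudo /usr/local/sbin/provision-user <login>` and pass the login as a single argument, never through a shell string built from request data.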

More information about the freebsd-questions mailing list