Restricting users from certain privileges
Jason Hellenthal
jhellenthal at dataix.net
Sat Apr 28 23:53:34 UTC 2012
On Sat, Apr 28, 2012 at 04:34:34PM -0700, Freddie Cash wrote:
> On Apr 28, 2012 4:03 PM, "Jason Hellenthal" <jhellenthal at dataix.net> wrote:
> > cp /usr/bin/vi ~/
> >
> > or upload your own...
> >
> > sudo $HOME/vi
> >
>
> If your Cmnd_Alias includes the full path to vi, then your last command
> won't work.
I know. Just an example of why you should be careful. I had an admin on
a box I supervise add an entry where it enabled a user to run
miscelaneous commands. It did not effect anything since the user is well
trusted but if it had been the other way around and had not be caught
the sheer consequence of such could have been disasterous.
--
- (2^(N-1))
More information about the freebsd-stable
mailing list