Alternatives for sudo?? - Page 2 | Unix Linux Forums | Red Hat

  Go Back    


Red Hat Red Hat is the world's leading open source technology solutions provider with offerings including Red Hat Enterprise Linux (RHEL), Fedora, open source applications, security and systems management, virtualization, and Services Oriented Architecture (SOA) solutions.

Alternatives for sudo??

Red Hat


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #8  
Old 08-03-2010
hergp hergp is online now Forum Advisor  
Problem Eliminator
 
Join Date: Jan 2010
Last Activity: 16 April 2014, 11:55 AM EDT
Location: Vienna, Austria
Posts: 779
Thanks: 16
Thanked 164 Times in 146 Posts
@Pludi: growisofs does not run under sudo by design for security reasons, because it can be abused to execute arbitrary programs with elevated privileges, as stated in the man page.
Sponsored Links
    #9  
Old 08-03-2010
pludi's Avatar
pludi pludi is offline Forum Advisor  
Cat herder
 
Join Date: Dec 2008
Last Activity: 28 March 2014, 8:35 AM EDT
Location: Vienna, Austria, Earth
Posts: 5,522
Thanks: 38
Thanked 335 Times in 308 Posts
Define "it's not working". What error message are you getting (if any)?

Example sudoers entry:
Code:
pludi ALL = (root) NOPASSWD: /usr/bin/id

Usage:
Code:
$ sudo -l
User pludi may run the following commands on this host:
    (ALL) ALL
    (root) ALL
    (root) NOPASSWD: /usr/bin/id
$ id
uid=1002(pludi) gid=100(users) groups=10(wheel),16(dialout),33(video),100(users)
$ sudo id
uid=0(root) gid=0(root) groups=0(root)
$ sudo /bin/echo Test
pludi's password:
Test



---------- Post updated at 15:00 ---------- Previous update was at 14:57 ----------

Quote:
Originally Posted by hergp View Post
@Pludi: growisofs does not run under sudo by design for security reasons, because it can be abused to execute arbitrary programs with elevated privileges, as stated in the man page.
True, didn't see that, thanks for pointing it out. But in the same section it presents a wrapper script that can be used in place of the real executable, as well as the recommendation to change it to SUID, as it will drop the privileges itself. That way, neither sudo nor ssh are needed.
Quote:
But note that the recommended alternative to the above "workaround" is actually to install growisofs set-root-uid, in which case it will drop privileges prior accessing data or executing mkisofs in order to preclude unauthorized access to the data.
Sponsored Links
    #10  
Old 08-03-2010
hergp hergp is online now Forum Advisor  
Problem Eliminator
 
Join Date: Jan 2010
Last Activity: 16 April 2014, 11:55 AM EDT
Location: Vienna, Austria
Posts: 779
Thanks: 16
Thanked 164 Times in 146 Posts
I'm not sure if the suid bit is the best way to go, because the next update-rpm might change the access rights back to the Redhat default which seems to be not suid.
    #11  
Old 08-04-2010
sony star sony star is offline
Registered User
 
Join Date: Jun 2010
Last Activity: 4 August 2010, 1:44 AM EDT
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts

pludi,

it is not giving any error message, but not giving required out put. and still 'growisofs' need to switch user by su.

can u tell me any other way or any additional thing in this method to solve this problem?

Sponsored Links
    #12  
Old 08-08-2010
KenJackson KenJackson is offline
Registered User
 
Join Date: May 2008
Last Activity: 7 September 2011, 6:25 AM EDT
Location: Maryland, USA
Posts: 307
Thanks: 2
Thanked 28 Times in 20 Posts
A different way to solve the problem would be to set the setuid mode bit on the executable:

Code:
sudo chmod u+s /usr/bin/growisofs

That gives the executable the ability to set it's UID to root regardless of which user is executing it. After that, you don't even need sudo.

Some frown on this as a security hole. I guess a criminal could figure out how to execute that program to get elevated privileges and then do something bad. But it's an option.
Sponsored Links
    #13  
Old 08-14-2010
nflenz nflenz is offline
Registered User
 
Join Date: Aug 2010
Last Activity: 14 August 2010, 4:19 PM EDT
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
growisofs will work under sudo if you unset the SUDO_COMMAND variable.
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
ntop/Nmon alternatives satimis Linux 5 12-19-2007 09:25 AM
Alternatives for CLOCK_MONOTONIC amitks21 UNIX for Advanced & Expert Users 3 11-17-2006 03:09 AM
Unix Sort - Alternatives chprvkmr UNIX for Advanced & Expert Users 1 10-05-2005 10:29 AM
Alternatives to set the system date ?? ulisses0205 UNIX for Advanced & Expert Users 2 04-07-2004 04:43 AM
ASP alternatives Ricki UNIX for Dummies Questions & Answers 3 05-30-2001 05:38 PM



All times are GMT -4. The time now is 12:11 PM.