Re: [exim] sudo - iptables trick

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Vincent Danen
Dátum:  
Címzett: W B Hacker
CC: exim users
Tárgy: Re: [exim] sudo - iptables trick
* W B Hacker <wbh@???> [2006-04-16 06:33:32 +0800]:

> >>If I'm mail and I run sudo it asks for the root password. What do I need
> >>to add to get around that?
> >
> >
> >See NOPASSWD in man sudoers.
> >
> >regards,
> >John
> >
>
> ??
>
> Is that a good idea?
>
> I think I am beginning to see why some folks say Linux is no
> more secure than Windows.....


sudo can be fine-tuned. If you give user mail access to run iptables as
root and *only* iptables as root, then you should be ok. Or, even
better, write a script to do it and give sudo access to the script; then
you can really restrict what parts of iptables user mail can use.

For a writeup of sudo you can read this:

http://linsec.ca/syshardening/sudo.php

otherwise, man sudo and man sudoers are you friend.

--
Annvix - Secure Linux Server: http://annvix.org/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
Wasting time like it was free...