From: "Sven Vermeulen" <swift@lark.gentoo.org>
To: gentoo-doc-cvs@lists.gentoo.org
Subject: [gentoo-doc-cvs] cvs commit: sudo-guide.xml
Date: Tue, 2 Aug 2005 19:22:33 +0000 [thread overview]
Message-ID: <200508021922.j72JMQIK028467@robin.gentoo.org> (raw)
swift 05/08/02 19:22:33
Modified: xml/htdocs/doc/en sudo-guide.xml
Log:
Trust your users or use a wrapper script instead of granting full access to tools that manipulate the system. Tx to ciaranm for reporting
Revision Changes Path
1.2 +12 -2 xml/htdocs/doc/en/sudo-guide.xml
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo
Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-guide.xml 2 Aug 2005 17:59:29 -0000 1.1
+++ sudo-guide.xml 2 Aug 2005 19:22:33 -0000 1.2
@@ -1,6 +1,6 @@
<?xml version='1.0' encoding="UTF-8"?>
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 2005/08/02 17:59:29 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 2005/08/02 19:22:33 swift Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
@@ -22,7 +22,7 @@
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.0</version>
+<version>1.1</version>
<date>2005-08-02</date>
<chapter>
@@ -126,6 +126,16 @@
</pre>
<p>
+A <brite>big warning</brite> is in place though: do not allow a user to run an
+application that can allow people to elevate privileges. For instance, allowing
+users to execute <c>emerge</c> as root can indeed grant them full root access
+to the system because <c>emerge</c> can be manipulated to change the live file
+system in the user his advantage. Trust your users, or use a <e>wrapper</e>
+instead: a script that limits the use of the application to a known set of
+safe instructions.
+</p>
+
+<p>
The user name can also be substituted with a group name - in this case you should
start the group name with a <c>%</c> sign. For instance, to allow any one in
the <c>wheel</c> group to execute <c>emerge</c>:
--
gentoo-doc-cvs@gentoo.org mailing list
next reply other threads:[~2005-08-02 19:23 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-02 19:22 Sven Vermeulen [this message]
-- strict thread matches above, loose matches on Subject: below --
2008-05-19 20:45 [gentoo-doc-cvs] cvs commit: sudo-guide.xml Sven Vermeulen
2006-07-14 11:46 Xavier Neys
2005-12-31 15:30 Xavier Neys
2005-10-21 20:21 swift
2005-08-04 8:07 swift
2005-08-04 8:05 swift
2005-08-03 8:13 Sven Vermeulen
2005-08-02 19:23 Sven Vermeulen
2005-08-02 18:00 Sven Vermeulen
2005-08-02 17:59 Sven Vermeulen
2005-08-02 17:48 Sven Vermeulen
2005-08-02 16:14 Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200508021922.j72JMQIK028467@robin.gentoo.org \
--to=swift@lark.gentoo.org \
--cc=docs-team@lists.gentoo.org \
--cc=gentoo-doc-cvs@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox