From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.43)
	id 1E02Lu-0008Tt-Dl
	for garchives@archives.gentoo.org; Tue, 02 Aug 2005 19:23:02 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j72JMRbc021962;
	Tue, 2 Aug 2005 19:22:27 GMT
Received: from smtp.gentoo.org (smtp.gentoo.org [134.68.220.30])
	by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j72JMQIK028467
	for <gentoo-doc-cvs@lists.gentoo.org>; Tue, 2 Aug 2005 19:22:27 GMT
Message-Id: <200508021922.j72JMQIK028467@robin.gentoo.org>
Received: from lark.gentoo.osuosl.org ([140.211.166.177] helo=lark.gentoo.org)
	by smtp.gentoo.org with smtp (Exim 4.43)
	id 1E02Lg-0005TX-6j
	for gentoo-doc-cvs@lists.gentoo.org; Tue, 02 Aug 2005 19:22:48 +0000
Received: by lark.gentoo.org (sSMTP sendmail emulation); Tue,  2 Aug 2005 19:22:33 +0000
From: "Sven Vermeulen" <swift@lark.gentoo.org>
Date: Tue,  2 Aug 2005 19:22:33 +0000
To: gentoo-doc-cvs@lists.gentoo.org
Subject: [gentoo-doc-cvs] cvs commit: sudo-guide.xml
Precedence: bulk
List-Post: <mailto:gentoo-doc-cvs@lists.gentoo.org>
List-Help: <mailto:gentoo-doc-cvs+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-doc-cvs+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-doc-cvs+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-doc-cvs.gentoo.org>
X-BeenThere: gentoo-doc-cvs@gentoo.org
Reply-to: docs-team@lists.gentoo.org
X-Archives-Salt: 0f93b0bb-31bf-4048-bc4f-f8401741bf6c
X-Archives-Hash: 153f01ad9c4279c02cedc307d584cc6a

swift       05/08/02 19:22:33

  Modified:    xml/htdocs/doc/en sudo-guide.xml
  Log:
  Trust your users or use a wrapper script instead of granting full access to tools that manipulate the system. Tx to ciaranm for reporting

Revision  Changes    Path
1.2       +12 -2     xml/htdocs/doc/en/sudo-guide.xml

file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/x-cvsweb-markup&cvsroot=gentoo
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.2&content-type=text/plain&cvsroot=gentoo
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.1&r2=1.2&cvsroot=gentoo

Index: sudo-guide.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sudo-guide.xml	2 Aug 2005 17:59:29 -0000	1.1
+++ sudo-guide.xml	2 Aug 2005 19:22:33 -0000	1.2
@@ -1,6 +1,6 @@
 <?xml version='1.0' encoding="UTF-8"?>
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.1 2005/08/02 17:59:29 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.2 2005/08/02 19:22:33 swift Exp $ -->
 
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
@@ -22,7 +22,7 @@
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
 
-<version>1.0</version>
+<version>1.1</version>
 <date>2005-08-02</date>
 
 <chapter>
@@ -126,6 +126,16 @@
 </pre>
 
 <p>
+A <brite>big warning</brite> is in place though: do not allow a user to run an
+application that can allow people to elevate privileges. For instance, allowing
+users to execute <c>emerge</c> as root can indeed grant them full root access 
+to the system because <c>emerge</c> can be manipulated to change the live file 
+system in the user his advantage. Trust your users, or use a <e>wrapper</e> 
+instead: a script that limits the use of the application to a known set of 
+safe instructions.
+</p>
+
+<p>
 The user name can also be substituted with a group name - in this case you should
 start the group name with a <c>%</c> sign. For instance, to allow any one in
 the <c>wheel</c> group to execute <c>emerge</c>:



-- 
gentoo-doc-cvs@gentoo.org mailing list