Date: Wed, 06 Jul 2005 21:42:27 +0200
From: Holly Bostick
Subject: Re: [gentoo-user] sudo echo cannot write to /etc/ files ?
In-reply-to: <42CC2D3A.7060104@asmallpond.org>
To: gentoo-user@lists.gentoo.org
Message-id: <42CC3423.8060903@planet.nl>

Richard Fish wrote:
> Holly Bostick wrote:
>
>>Richard Fish wrote:
>>
>>>BTW Holly,
>>>
>>>You should recognize that from a security standpoint allowing yourself
>>>to execute bash is really giving yourself "blanket permissions to sudo
>>>to all commands". You might as well make life easier on yourself and
>>>just make your sudo settings "ALL=(ALL) NOPASSWD: ALL".
>>>
>>>My $.02.
>>>
>>>-Richard
>>
>>Thank you for the heads-up, Richard, but it would seem that that isn't
>>quite true-- I did a test:
>>
>>sudo bash -c /etc/init.d/samba restart
>
> Remember that the -c option for bash is a single argument, not the rest
> of the line. The 'restart' is being seen as a separate argument to
> bash, not as part of the command for bash to execute, if that makes any
> sense! It will work if you do:
>
> sudo bash -c "/etc/init.d/samba restart"
>
> -Richard

So it will. Shoot.

Oh, well. Maybe I'll rework this, or I should then ask for:

1) firewall recommendations (personal, as the router has one too; atm
I'm liking firestarter)
2) anti-hacking monitors (other than chkrootkit and rkhunter, if
needed-- guess I'm thinking about keyloggers)

?

Holly
--
gentoo-user@gentoo.org mailing list
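
The `bash -c` argument handling discussed in this message, as an added example that is not part of the original thread: a constructed stand-in script (hypothetical, used in place of /etc/init.d/samba) reports the arguments it receives, so the behaviour can be checked without sudo. The function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Shows why the unquoted test appeared to "fail" even though a
# sudoers rule that permits bash still lets any command string run as root.

# Create a constructed stand-in for the init script; it prints its arguments.
make_fake_init() {
    f=$(mktemp) || return 1
    printf '#!/bin/sh\necho "args=[$*]"\n' > "$f"
    chmod +x "$f"
    echo "$f"
}

# Unquoted form: only the script path is the -c command string.
# "restart" becomes $0 of the new shell, so the script runs with no arguments.
run_unquoted() {
    bash -c "$1" restart        # -> args=[]
}

# Quoted form: the whole command line is the single -c argument.
run_quoted() {
    bash -c "$1 restart"        # -> args=[restart]
}

# Where the stray word ends up in the unquoted form.
show_dollar_zero() {
    bash -c 'echo "$0"' restart # -> restart
}

script=$(make_fake_init)
echo "unquoted: $(run_unquoted "$script")"
echo "quoted:   $(run_quoted "$script")"
echo "\$0 is:    $(show_dollar_zero)"
rm -f "$script"
```
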