> Editing sudoers still gives users full access, After editing sudoers, still can execute blocked commands
Subby
post Sep 15 2006, 03:49 PM
Post #1





I need some help. I am trying to harden a Linux PC so that non-root users cannot run root level, except for one
I have the following entry in my /etc/sudoers via the visudo command

admin ALL=!/bin/[]*,!/usr/[]*,!/sbin/[]*,/bin/sh /etc/rc5.d/S99AdminApp, NOPASSWD: ALL

So basically, all I want the user to be able to run as from a sudo -u root point of view is /etc/rc5.d/S99AdminApp without being prompted for a password, hence the NOPASSWD. This application also loads at boot-time, that's why it's in the RC directory.

The problem I am having is that any user can still run commands like
sudo -u root ls /opt/application even though in the sudo -l it lists

User admin may run the following commands on this host:
(root) !/bin/[]*
(root) !/usr/[]*
(root) !/sbin/[]*
(root) /bin/sh /etc/rc5.d/S99AdminApp
(root) NOPASSWD: ALL


Furthermore, /opt/application is completely isolated from all users except root since I do not want any user to have access to this directory except root.

Any ideas what I am doing wrong?

Thanks
Subby
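
Added example, not part of the original post: sudoers applies the last matching entry in a command list, so the trailing `NOPASSWD: ALL` in the posted line matches every command and overrides the earlier `!` exclusions. The Python sketch below is a simplified model of that rule, not sudo's own parser; `decide`, `POSTED`, `ALLOWLIST` and the full path `/bin/ls` are assumptions made for the illustration.

```python
import fnmatch

# Entry as posted, and an allowlist-only alternative (constructed for comparison).
POSTED = ("admin ALL=!/bin/[]*,!/usr/[]*,!/sbin/[]*,"
          "/bin/sh /etc/rc5.d/S99AdminApp, NOPASSWD: ALL")
ALLOWLIST = "admin ALL=NOPASSWD: /bin/sh /etc/rc5.d/S99AdminApp"

def parse_cmnd_list(entry):
    """Split the part after '=' into ordered (allow, nopasswd, spec) tuples."""
    specs, nopasswd = [], False
    for item in entry.split("=", 1)[1].split(","):
        item = item.strip()
        if item.startswith("NOPASSWD:"):  # a tag applies to this and later items
            nopasswd, item = True, item[len("NOPASSWD:"):].strip()
        allow = not item.startswith("!")  # '!' negates the command spec
        specs.append((allow, nopasswd, item.lstrip("!").strip()))
    return specs

def spec_matches(spec, command):
    """Simplified matching: glob on the path, optional glob on the arguments."""
    if spec == "ALL":
        return True
    path, _, args = command.partition(" ")
    spec_path, _, spec_args = spec.partition(" ")
    if not fnmatch.fnmatchcase(path, spec_path):
        return False
    # A spec written without arguments accepts any arguments.
    return spec_args == "" or fnmatch.fnmatchcase(args, spec_args)

def decide(entry, command):
    """Return 'deny', 'allow' or 'allow-nopasswd'; the last matching spec wins."""
    verdict = "deny"  # nothing matched: sudo refuses the command
    for allow, nopasswd, spec in parse_cmnd_list(entry):
        if spec_matches(spec, command):
            verdict = ("allow-nopasswd" if nopasswd else "allow") if allow else "deny"
    return verdict

if __name__ == "__main__":
    for name, entry in (("posted", POSTED), ("allowlist", ALLOWLIST)):
        for cmd in ("/bin/ls /opt/application", "/bin/sh /etc/rc5.d/S99AdminApp"):
            print(f"{name:9} {cmd:32} -> {decide(entry, cmd)}")
```

With the allowlist-only entry there is no `ALL` to fall through to, so only the one script is permitted and no `!` exclusions are needed.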