LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-30-2012, 11:34 AM   #1
skp
LQ Newbie
 
Registered: Aug 2012
Posts: 10

Rep: Reputation: Disabled
sudo access problem


Hi,

I provided some of the users sudo access and they have only read permissions for some conf files. But they edit the file and force writing in it using the below syntax.

:w !sudo tee %

and it loads the file with the changes. Please provide some suggestions to disable this, as it causing more problems.
 
Old 08-30-2012, 05:42 PM   #2
segmentation_fault
Member
 
Registered: Sep 2008
Location: Ioannina, Greece
Distribution: Gentoo
Posts: 332

Rep: Reputation: 55
It's not a bug, it's a feature!
Set up command alias in sudoers file and give them sudo access to only the commands they need. If you give them sudo access to vi, they can even escape to a shell, rendering every file permission invalid.

Last edited by segmentation_fault; 08-30-2012 at 05:43 PM.
 
Old 08-30-2012, 06:40 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,260

Rep: Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328Reputation: 2328
As segmentation_fault said; see the Security Notes section of http://linux.die.net/man/8/sudo.
Basically, sudo is for delineating which cmds users can use.
File protection is done via ownerships, perms, acls, selinux.
 
Old 09-01-2012, 02:14 AM   #4
skp
LQ Newbie
 
Registered: Aug 2012
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thanks for the fast reply. so as far i understood, i need to block the vi, vim access to the users so that we can avoid these problems.
Is that right ? , i also need to know any other possibilities of blocking that syntax other than blocking the vi editors.
 
Old 09-01-2012, 06:10 AM   #5
segmentation_fault
Member
 
Registered: Sep 2008
Location: Ioannina, Greece
Distribution: Gentoo
Posts: 332

Rep: Reputation: 55
Don't start by blocking. There are many many things you need to block. Start by allowing.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict SUDO Access maddyfreaks Linux - Newbie 8 02-25-2012 02:32 PM
Sudo Access PMP Linux - Newbie 7 05-04-2009 08:19 AM
Problem with SUDO : sudo: pam_authenticate: Module is unknown cristoph_ Linux - Software 2 03-02-2009 08:12 PM
sudo access depam Linux - Newbie 1 02-03-2008 07:56 AM
Please help. Sudo access problem gneeot Ubuntu 5 11-17-2006 12:51 PM


All times are GMT -5. The time now is 05:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration