LinuxQuestions.org
10-09-2012, 06:15 AM   #1
skp
LQ Newbie
 
Registered: Aug 2012
Posts: 10

Sudo access


Hi,

I have sudo access for doing system admin tasks. But if I run sudo screen I immediately log in as root and get root privileges. Is there any way to stop this loophole? Please let me know.
 
10-09-2012, 06:27 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

What loophole? You provide credentials as mandated in the sudoers file... it's working correctly. I presume you would say that running "sudo -i" is also this same loophole?
 
10-10-2012, 12:53 PM   #3
skp
LQ Newbie
 
Registered: Aug 2012
Posts: 10

Original Poster
I have checked the privileges for it in the /etc/sudoers file, and everything seems to be fine. The scenario is that I do not have privileges to edit the httpd conf file. But when I run sudo screen, I log in to the screen as root and then I am able to edit the http conf file. How do I block the root access?
 
10-10-2012, 01:04 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,579
Blog Entries: 2

You are doing it the wrong way. sudo is a program that can be used to give a user root access to specific applications. You define those applications in the sudoers file. If you don't want to be able to run screen as root, don't add screen to your program list in that file. With sudo you have to be very careful and test every application that you add to the list to see if there are ways to break out from it as root. For example, you shouldn't allow the use of Vim or Emacs as root with sudo, since both are able to start shells, which would be started as root in that case.

So the solution for your problem is not to block single applications, but to not allow them in the first place.
 
10-10-2012, 01:51 PM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

As above, there IS no problem. Yes, everything looks correct, as it probably is.

Quote:
Originally Posted by TobiSGD
For example, you shouldn't allow the use of Vim or Emacs as root with sudo, since both are able to start shells, which would be started as root in that case.

Well, I'd say the more obvious reason is that that would allow the user to edit /etc/sudoers!
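
An added example, not part of the thread and not written by any of the posters: a small Python audit of sudoers rules along the lines posts #4 and #5 describe, flagging grants that amount to full root. The sample rules, user names and the `audit_sudoers` helper are constructed for illustration, and the parser assumes one host specification per rule and no escaped commas.

```python
import re

# Programs the thread names as giving root a shell or an editor (screen, vim,
# emacs); the plain shells are added here as an assumption.
ESCAPE_CAPABLE = {"screen", "vim", "emacs", "sh", "bash"}

# Constructed sample rules, not the original poster's real /etc/sudoers.
SAMPLE_SUDOERS = """\
Cmnd_Alias WEB = /usr/sbin/apachectl graceful, /usr/bin/screen
Cmnd_Alias LOGS = /usr/bin/tail /var/log/httpd/error_log
alice  ALL = (root) WEB
bob    ALL = (root) LOGS, NOPASSWD: /usr/bin/vim /etc/motd
carol  ALL = (ALL) ALL, !/usr/bin/screen
dave   ALL = (root) LOGS
"""

def _commands(spec, aliases):
    """Yield concrete commands from a comma-separated list, expanding aliases."""
    for item in spec.split(","):
        # Drop a leading (runas) group and tags such as NOPASSWD:
        item = re.sub(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*", "", item).strip()
        if item in aliases:
            yield from _commands(aliases[item], aliases)
        elif item:
            yield item

def audit_sudoers(text):
    """Return (user, command, reason) for each grant that amounts to full root."""
    aliases, rules, findings = {}, [], []
    for line in text.replace("\\\n", " ").splitlines():
        left, _, right = line.strip().partition("=")
        words = left.split()
        if not right or not words or words[0].startswith(("#", "Defaults")):
            continue
        if words[0] == "Cmnd_Alias":
            aliases[words[1]] = right
        elif not words[0].endswith("_Alias"):
            rules.append((words[0], right))
    for user, spec in rules:
        for cmd in _commands(spec, aliases):
            if cmd.startswith("!"):
                continue  # '!' entries only deny; they never add a grant
            if cmd == "ALL":
                findings.append((user, cmd, "every command, shells included"))
            elif cmd.split()[0].rsplit("/", 1)[-1] in ESCAPE_CAPABLE:
                findings.append((user, cmd, "can start a shell or edit any file"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print("%-6s %-28s %s" % finding)
```

The `carol` rule is still reported even though it denies screen, which is the point made in post #4: the grant of `ALL` is what gives root, and subtracting single programs from it does not change that.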
 
  


All times are GMT -5.