LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Suse/Novell (http://www.linuxquestions.org/questions/suse-novell-60/)
-   -   Yast2 Security issuse form command line (http://www.linuxquestions.org/questions/suse-novell-60/yast2-security-issuse-form-command-line-453193/)

Andrew Sorensen 06-09-2006 12:08 PM

Yast2 Security issuse form command line
 
Running Suse 10.0 you can run yast from command line- install software ext without entering your root password the command that brings yast up is
/sbin/yast
how do I block that!!!

unSpawn 06-09-2006 05:25 PM

Short answer: restrict access permissions (chmod 0700 filename).
Long answer (probably): Using symlinks from the actual application to (/usr/bin/)userhelper/consolehelper to use PAM auth, distro's utilising PAM also rely on unprivileged users having /usr/bin before /sbin in their $PATH. If you skip all that and just give the full path you are able to access those binaries directly. Since you are not running as root you don't have (write!) access to like the RPM database and shouldn't be able to install system stuff (AFAIK).

dasy2k1 06-09-2006 05:28 PM

as root try this

chmod /sbin/yast 700

that should stop all users except root running it atall thiough wetehr it would stop users running it from the GUI and then SUing with KDESU i dont know, give it a try...

dasy2k1 06-09-2006 05:29 PM

lol we must have posted the same answer at teh same time as yorr answer wasnet there when i started typing unSpawn!

unSpawn 06-10-2006 06:00 AM

we must have posted the same answer at teh same time
Clearly not: I was three minutes ahead of you, heh. Hint: use "preview" before posting.
Doesn't matter tho. What matters is ppl answering questions, cuz in some cases there's more than one POV and more than one answer.


experimanal box
BTW, I think you've got a first there, having an "experimanal" box... ;-p


All times are GMT -5. The time now is 10:18 PM.