SLUG Mailing List Archives
Re: [SLUG] sudo command over ssh - pasword echo
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] sudo command over ssh - pasword echo
- From: Simon Wong <linux@xxxxxxxxx>
- Date: Thu, 20 Apr 2006 11:57:50 +1000
On Thu, 2006-04-20 at 11:36 +1000, James Gray wrote:
> Just because a user can "sudo" doesn't mean they can "sudo <anything>". You
> *can* restrict users to only being able to sudo a very specific set of
> commands and then even restrict further to options passed to those commands.
Yeah I know, it's one of those mornings where a growing list of
"problems" was making me avoid having to do more :-(
> > yep, trying to script it :-)
> Bummer - not really an option then.
well, I don't have a big problem doing some of this manually as long as
I can streamline it a bit. I'd like to keep good control over what's
happening with package updates especially.
> Double up the security: restrict allowed users AND use key-based auth. :)
Agreed, I've learnt a bit about that the hard way recently :-(
Simon Wong <linux@xxxxxxxxx>