Originally Posted by bigtomrodney
What you're trying to do here is tricky as hell. You have lots of full-on sudoers on the box? So you're trying to hide from lots of folks with root access. That will not work without lots of help from your friendly SELinux administrator.
Given the hairy scenario that you describe, I'd say you are actually going to want to run the script from a different box. Something is wrong with the whole picture.
At the risk of sounding cruel, this is poorly implemented security. Actually, this is nonexistent security. With root permission a user can become any other user. Encryption is not the answer and, as I mentioned already, there is a definite need to reel in the permissions to an absolute necessity. You may find a workaround to allow you to proceed in the direction you are going, but remember it will only be that - a workaround. I would strongly rethink the security policy going forward.
- Join Date
- Jul 2005
How about storing that file on another server where users don't have sudo permissions? And then let them (or script, or whatever) access the file remotely but only with certain permissions (controlled by the server where the file is).
- Join Date
- Jul 2006
Thank you for that suggestion on the restrictive sudoers file. I am taking that approach and have restricted the users from shells and su. I would ideally like each user to have a script of their own in the home directories and chmod the directory to 700 for them. However, with Ubuntu, does anyone know how to restrict sudo from accessing home directories of other users? Also from preventing sudo from chowning and chmoding the home directories only?
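An added example, not part of any post in this thread: a small audit of simple sudoers user specifications that flags the patterns discussed above (blanket `ALL`, shells and `su` excluded by negation, and `chown`/`chmod` left allowed). The sample entries, user names and the `ROOT_EQUIVALENT` list are constructed assumptions; sudoers(5) itself documents that subtracting commands from `ALL` with `!` is generally not effective.

```python
import os
import re

# Assumed list for this example: commands that amount to full root when allowed via sudo.
ROOT_EQUIVALENT = {"su", "sudo", "sh", "bash", "dash", "zsh", "chown", "chmod", "visudo"}

# Simple one-line user specification: who host = (runas) commands
SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, ...

# Constructed sample entries, not taken from the thread.
SAMPLE = """\
# constructed sample
Defaults env_reset
Cmnd_Alias SHELLS = /bin/sh, /bin/bash
alice ALL=(ALL) ALL
bob ALL=(root) ALL, !/bin/su, !/bin/bash
carol ALL=(root) NOPASSWD: /usr/local/bin/deploy.sh, /bin/chown
dave ALL=(root) /usr/local/bin/backup.sh
"""

def audit_sudoers(text):
    """Return (line_no, who, finding) tuples. Aliases are skipped, not expanded."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SPEC.match(line)
        if not m or m["who"].startswith("Defaults") or m["who"].endswith("_Alias"):
            continue
        cmds = [TAGS.sub("", c.strip()) for c in m["cmds"].split(",") if c.strip()]
        allowed = [c for c in cmds if not c.startswith("!")]
        negated = [c for c in cmds if c.startswith("!")]
        if "ALL" in allowed:
            # A denylist on top of ALL is still effectively ALL.
            kind = "denylist-on-ALL" if negated else "unrestricted-ALL"
            findings.append((no, m["who"], kind))
            continue
        for c in allowed:
            name = os.path.basename(c.split()[0])
            if name in ROOT_EQUIVALENT:
                findings.append((no, m["who"], "root-equivalent:" + name))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

Only an entry like `dave`'s, an allowlist of specific commands with nothing root-equivalent in it, passes without a finding.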