Weekly Edition
Return to the Press page
| |||||||||||
Secure Cooking with Linux, Part 2 (O'ReillyNet)
O'ReillyNet presents
more recipes from the Linux Security Cookbook. "This
week, we offer recipes that fall into an intermediate-level category. Learn
how to restrict access to network services by time of day, and how to use
sudo to permit read-only access to a shared file."
(Log in to post comments)
Wrong tool for the job? Posted Jun 30, 2003 11:57 UTC (Mon) by ranger (guest, #6415) [Link] While sudo is very powerful, and allows you to achieve some cool things (such as allowing some users to restart services and similar things), IMHO it shouldn't be abused like this.Firstly, most non-admin users will likely want to view the file with something besides cat, and will likely not want to do it from the command line. Secondly, if you use any tool which allows other operations (such as an interactive editor), you may allow the user to do other operations you had not considered Thirdly, you may be unnecessarily exposing the owner of the file to vulnerabilities in a command, which would ordinarily not be of consequence. Finally, many filesystems have ACL support, which allow you to achieve a better solution (which does not have the 3 problems above) with less effort. Please don't suggest this use of sudo as an alternative to ACLs to Windows Admins ... we have better tools. All we need is the ability to allow non-owners users to set permissions. This could currently be done via sudo, but once again, in all likelihood, your users want to use a graphical file manager instead.
|
|||||||||||