/etc/passwd


Henrycoffin
10-07-2004, 07:38 AM
How can I stop users who can use sudo from editing /etc/passwd to gain full root privileges by changing their UID to 0?

Is there any way of locking the file from these users?

Thanks

Hayl
10-07-2004, 08:02 AM
there is something wrong if they are able to edit it.

the default permissions on that file are (in general)

-rw-r--r-- root root

which means only root can modify it.

check the permissions on the file and modify the permissions if necessary.

either that or your sudo is set up wrong and gives them full access to everything (or enough to be bad) as root.

if it is not your file permissions, then please post the contents of your /etc/sudoers file.

Henrycoffin
10-07-2004, 09:09 AM
so it is not possible for a user to gain root access through this file even if they add a new user with UID 0?

Uranus
10-07-2004, 10:00 AM
Originally posted by Hayl
either that or your sudo is set up wrong and gives them full access to everything (or enough to be bad) as root.

if it is not your file permissions, then please post the contents of your /etc/sudoers file.

As in
%users ALL=(ALL) NOPASSWD:ALL
I think (not sure exactly how sudo works though)
BTW Hayl nice to see you back here :)
Sam

bwkaz
10-07-2004, 07:07 PM
Originally posted by Henrycoffin
so it is not possible for a user to gain root access through this file even if they add a new user with UID 0?

Yes, that will give them root access.

However, why on EARTH are you letting ordinary users modify /etc/passwd?

happybunny
10-07-2004, 07:46 PM
if that's your sudo file, why bother with other user accounts? Just let everyone log on as root.

What do the "norm's" need to do as root that you put them in the sudo file to begin with?

You can allow them only certain functions (like mount or starting/stopping services). No need to do ALL:ALL:ALL

Smokey
10-08-2004, 12:09 AM
Originally posted by bwkaz
Yes, that will give them root access.

However, why on EARTH are you letting ordinary users modify /etc/passwd?

but how can they do that if adduser, useradd both need root access to be executed?

michaeln
10-08-2004, 12:26 AM
I think his problem is something along the lines of: He has given users who can use sudo the ability to -at the least- use an editor such as emacs as the superuser.

Now all they have to do is:
sudo emacs /etc/passwd

Henrycoffin,
sudo can be a serious security risk if not properly set up. You should probably see if there is any other way to set everything up without actually giving anyone else any kind of root access. After all, there are reasons why certain things require root to work.

bwkaz
10-08-2004, 06:14 PM
Originally posted by Smokey
but how can they do that if adduser, useradd both need root access to be executed?

Hmm?

I'm saying that normal users SHOULD NOT BE ABLE to run useradd or adduser (or any other program that modifies /etc/passwd)! Why are they doing that on your system?

Unless michaeln is describing your situation, then ignore this post. ;)

If none of us is on the right track, then maybe it would be a good idea to explain exactly what you're doing, and why you're doing it...
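
The three checks raised in this thread (extra UID 0 accounts, write permission on /etc/passwd, and a blanket sudoers rule like the `%users ALL=(ALL) NOPASSWD:ALL` line quoted above) can be scripted. This is an added example, not code posted by anyone in the thread; the function names are hypothetical, the sample data is constructed, and the sudoers check is a line heuristic rather than a full parser.

```shell
#!/bin/sh
# Added example: audit helpers for the three checks raised in this thread.
# Each function takes a file path so it can be run on a copy of the real file.

# Names of accounts other than root whose UID field (3rd) is 0.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Succeeds if group or other has write permission on the file.
writable_by_non_owner() {
    perms=$(ls -ld "$1" | cut -c1-10)      # e.g. -rw-r--r--
    case "$perms" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Non-root users/groups whose sudoers rule allows the command ALL.
# Heuristic line matcher, not a full sudoers parser (no aliases, no includes).
blanket_sudo_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next } # settings and aliases
        index($0, "=") && $1 != "root" {
            spec = substr($0, index($0, "=") + 1)
            gsub(/\([^)]*\)/, "", spec)              # drop the (runas) part
            gsub(/[A-Z_]+:/, "", spec)               # drop tags like NOPASSWD:
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", cmds[i])
                if (cmds[i] == "ALL") { print $1; break }
            }
        }
    ' "$1"
}

# Constructed sample data (not taken from any real system).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'testuser:x:0:1001::/home/testuser:/bin/sh' > "$d/passwd"
    printf '%s\n' 'root ALL=(ALL) ALL' '%users ALL=(ALL) NOPASSWD:ALL' \
        '%ops ALL=(root) /bin/mount, /bin/umount' > "$d/sudoers"
    echo "extra UID 0: $(extra_uid0_accounts "$d/passwd")"
    echo "blanket sudo: $(blanket_sudo_rules "$d/sudoers")"
    rm -rf "$d"
}
demo
```

The `%ops` line in the sample is the restricted form happybunny describes: it names specific commands, so the check does not report it.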