[mdlug] /etc/sudoers - A rant and an attempt at better documentation

Aaron Kulkis akulkis3 at hotpop.com
Mon Jan 8 05:10:44 EST 2007


David Favro wrote:
> Raymond McLaughlin wrote:
>> ##This line allows user 'driveray', on any host, to execute /bin/mount
>> ## and /bin/umount with root privileges without having to give a
>> ## password.
>> driveray ALL = NOPASSWD: /bin/mount, /bin/umount
>> ### This was the line that busted my nuts for hours! I work with a lot
>> ### of ISO images, and want my regular user to be able to mount them
>> ### without having to give the root password. The problem was that I
>> ### kept trying to put the NOPASSWD parameter at or near the end of the
>> ### line. I'm still not certain if the 'ALL' refers to 'on all hosts' or
>> ### 'as all users'
>>   
> If it's a "personal" machine, I recommend just adding the following line:
> driveray ALL=NOPASSWD: ALL
> This allows you to do anything you like without typing any password,
> which is what I do.

In which case, you're setting yourself up to be 100% Pwned, because
you've allowed ANY process (including downloaded software which
you have not inspected 100%) to do WHATEVER it wants.

> 
> Now, before someone goes bananas about how that's a security hole (IMO
> it isn't, for a personal-use machine), I just finished a heated
> back-and-forth discussion about this on another LUG mailing-list where I
> tried to explain why not... rather than my copy-and-pasting it here, you
> can see the whole thread here:

Then why not just log in as root all the time???



> http://lists.hanoilug.org/pipermail/hanoilug/2007-January/thread.html
> under the heading "Ubuntu-sudo usage.."
> 
> -- David Favro
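
The two rules quoted in this thread, run through a small parser, as an added example that is not part of any poster's message. It shows which field the `ALL` before `=` fills (the host list; the run-as user defaults to root when no `(...)` is given), that the `NOPASSWD:` tag goes before the commands it covers, and it flags passwordless grants of `ALL`. The grammar handled is a simplified subset of sudoers (no aliases, no escaped commas), and `parse_spec`, `audit` and `SAMPLE` are names chosen here.

```python
import re

# Simplified grammar for one sudoers user specification (assumed subset):
#   user  host_list = [(runas)] [TAG:] command, command ...
SPEC = re.compile(r"^(?P<user>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^(NOPASSWD|PASSWD)\s*:\s*")

def parse_spec(line):
    """Split a user specification into fields; None for comments and Defaults."""
    line = line.strip()
    if not line or line.startswith(("#", "Defaults")):
        return None
    m = SPEC.match(line)
    if not m:
        return None
    grants, nopasswd = [], False
    for cmd in (c.strip() for c in m["cmds"].split(",")):
        t = TAG.match(cmd)
        if t:  # a tag applies to this command and the ones after it
            nopasswd = t.group(1) == "NOPASSWD"
            cmd = cmd[t.end():].strip()
        if re.search(r"\b(NOPASSWD|PASSWD)\s*:", cmd):
            raise ValueError("tag must come before the command: " + line)
        grants.append((cmd, nopasswd))
    return {"user": m["user"],
            "hosts": m["hosts"].strip(),   # the ALL before '=' lands here
            "runas": m["runas"] or "root", # sudo runs as root when omitted
            "grants": grants}

def audit(text):
    """Return (user, finding) for every passwordless grant of ALL commands."""
    findings = []
    for line in text.splitlines():
        spec = parse_spec(line)
        if spec and any(cmd == "ALL" and np for cmd, np in spec["grants"]):
            findings.append((spec["user"], "NOPASSWD: ALL"))
    return findings

# Constructed sample: the two rules quoted in the thread.
SAMPLE = """\
driveray ALL = NOPASSWD: /bin/mount, /bin/umount
driveray ALL=NOPASSWD: ALL
"""

if __name__ == "__main__":
    for rule in SAMPLE.splitlines():
        print(parse_spec(rule))
    print(audit(SAMPLE))
```

Real sudoers files should still be checked with `visudo -c`, which validates the full grammar that this subset parser does not cover.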




