On Fri, 9 May 2003, Wayne Walker wrote:
Bottom line, if you give someone sudo access you should trust them to be root, OR you should only allow them to run very specific _scripts/binaries_ that you wrote for them specifically (e.g. chown_files_to_others_in_his_primary_group, restart_lpd, restart_httpd...) And here you still have to be careful about these programs....
For a limited set of specific tasks, there is a workaround. Have a directory to which the user has write access, have a script run every minute or every 5 minutes or so from crontab that checks if there is a file with a specified name there, and if so, do an action and erase the file. I solved the problem when one of our programmers needed to occasionally restart Apache, to which he did not have the rights. Instead of messing with sudo and taking the risk, he now just has to do "touch /var/cmd/apacherestart" and in the next couple of minutes it gets done. This trick can be used even for passing commands, which then can be put into the file (echo "commands" > /var/cmd/whatevercommandfile) and the script then reads them from there (and checks the syntactical validity of the arguments to prevent an eventual attack through this route). Should be bulletproof.
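The cron-polled drop-box scheme described above, written out as an added example (not the poster's own script): the file name selects one entry of a fixed command table, the file's first line may carry a single validated argument, and symlinks are refused because the directory is writable by the unprivileged user. CMD_DIR, the table entries other than apacherestart, and the helper paths are assumptions.

```shell
# Added example, not from the original post. The file NAME selects the action,
# its first line may hold one argument. CMD_DIR and the command table are
# assumptions; the post only mentions "apacherestart".
CMD_DIR="${CMD_DIR:-/var/cmd}"

log() { printf 'cmddir: %s\n' "$*" >&2; }

# An argument is accepted only as a plain word: letters, digits, dot, underscore,
# dash; no leading dash (it must not become an option) and no "..".
valid_arg() {
  case "$1" in
    ''|-*|*..*)          return 1 ;;
    *[!A-Za-z0-9._-]*)   return 1 ;;
  esac
  return 0
}

# Map "trigger [arg]" to the fixed program that implements it. Only the first
# word selects an action, through an explicit table; file contents are never
# handed to a shell for interpretation.
resolve_request() {
  set -f; set -- $1; set +f          # split into words, no pathname expansion
  cmd="$1"; shift
  [ $# -le 1 ] || return 1           # this scheme allows at most one argument
  [ $# -eq 0 ] || valid_arg "$1" || return 1
  case "$cmd" in
    apacherestart) [ $# -eq 0 ] || return 1; echo "/usr/sbin/apachectl graceful" ;;
    chgrpfile)     [ $# -eq 1 ] || return 1; echo "/usr/local/bin/chgrp_to_group $1" ;;
    *)             return 1 ;;
  esac
}

# Handle one drop-box file: refuse symlinks (the directory is user-writable),
# read only the first line, delete the file, then resolve the request.
process_file() {
  f="$1"
  [ -f "$f" ] && [ ! -L "$f" ] || return 1
  IFS= read -r line < "$f" || line=""
  rm -f -- "$f"
  resolve_request "${f##*/} $line"
}

# Entry point for cron, e.g.: */5 * * * * root /usr/local/sbin/cmddir-dispatch
# Prints the resolved command; replace "echo" with "$out" to really execute it.
process_cmd_dir() {
  for f in "$CMD_DIR"/*; do
    [ -e "$f" ] || continue          # empty directory: the glob did not expand
    if out=$(process_file "$f"); then echo "$out"; else log "rejected $f"; fi
  done
}
```

Note that a malformed request file is still deleted, so a rejected request cannot sit in the directory and be retried on every cron run.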