On Tue, 17 Jun 2003, Pradeep Kumar Sadanapalli wrote:
> I have given sudo rights to a user for the command "rpm", but within
> rpm, I want to keep some restrictions. For example, the user should not
> be able to run "rpm" to install a package I wish, say "abc.rpm".

As soon as you give a user access to run `rpm`, you've essentially given
them access to anything they want.

It's fairly trivial to create a dummy RPM with a malicious %post
(post-installation) script, which would be executed as root. Also, an RPM
can be recompiled with a different name, which would sidestep any filename
restrictions you might put in place (which I'm really not sure you *can*
do).

It's not the answer you're looking for, but it's a fair warning.

Jima
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
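
An audit for the situation discussed in this thread, added here as an example and not part of the original message: it scans sudoers text and reports every rule that lets a user run `rpm`, including filename-based deny rules of the kind the reply says can be sidestepped. The sample sudoers lines, user names and paths are constructed, and the parser is deliberately simplified (no line continuations, escaped commas or `#include` handling).

```python
import re

# Constructed sudoers content for illustration (not from the original thread).
SAMPLE_SUDOERS = """\
# package installs for developers
Defaults env_reset
alice ALL = (root) /bin/rpm
bob   ALL = (root) NOPASSWD: /bin/rpm -i /srv/pkgs/*.rpm, !/bin/rpm -i /srv/pkgs/abc.rpm
carol ALL = (root) /usr/bin/less /var/log/messages
Cmnd_Alias PKG = /bin/rpm, /usr/bin/rpmbuild
dave  ALL = PKG
"""

RPM_BINARY = re.compile(r"(^|/)rpm$")  # matches "rpm" or ".../rpm", not rpmbuild

def _commands(spec):
    """Split a sudoers command list, dropping runas specs and tags like NOPASSWD:."""
    for item in spec.split(","):
        item = re.sub(r"^\s*(\([^)]*\)\s*)?((?:[A-Z_]+:\s*)*)", "", item).strip()
        if item:
            yield item

def audit(text):
    """Return (user, command, note) for every rule that involves running rpm."""
    aliases, findings = {}, []
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    for line in lines:  # first pass: collect Cmnd_Alias definitions
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = list(_commands(m.group(2)))
    for line in lines:  # second pass: user specifications
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue
        user = line.split()[0]
        for cmd in _commands(line.split("=", 1)[1]):
            for real in aliases.get(cmd, [cmd]):  # expand command aliases
                negated = real.startswith("!")
                binary = real.lstrip("! ").split()[0]
                if not RPM_BINARY.search(binary):
                    continue
                note = ("deny rule: bypassed by renaming the package" if negated
                        else "root-equivalent: package scriptlets run as root")
                findings.append((user, real, note))
    return findings

if __name__ == "__main__":
    for user, cmd, note in audit(SAMPLE_SUDOERS):
        print(f"{user:6} {cmd:34} {note}")
```

Review each flagged rule as a grant of full root, whatever arguments or file names it appears to restrict.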