[Sussex] sudo
Richie Jarvis
richie at helkit.com
Sun Jan 23 01:37:10 UTC 2005
Thomas Adam wrote:
> On Sun, Jan 23, 2005 at 01:12:14AM +0000, Richie Jarvis wrote:
>
>>So, my question is whether sudo will still allow this sort of
>>behaviour - I don't want to lock them out of their boxes, just out of
>>the fileserver.
>
>
> You can configure sudo to do all manner of things. You can tell sudo to
> allow a user (or groups of users) to only run certain applications. Of
> course, this might allow them to access information across the NFS share
> -- but then the problem doesn't sit with sudo, but how you have
> /etc/exports defined on the NFS server.
>
> -- Thomas Adam
>
An interesting point. I suppose I could restrict access using
/etc/exports - however, that is a royal pain in the butt! I share 2
directories - /store and /home.
/store would be relatively easy to nobble, as there are few dirs in
there, and the people who want their data private are on windows anyway.
/home is a different matter, as I would have to share each home
separately and restrict each user.
I also see on the sudo website that any shell capable prog will not be
stopped if it uses static libaries - bugger.
Any bright ideas?
Richie
More information about the Sussex
mailing list