Re: Secure remote shell
- From: Eric Crist <mnslinky@xxxxxxxxx>
- Date: Fri, 30 Nov 2007 07:41:41 -0600
On Nov 29, 2007, at 1:37 AM, Steve Bertrand wrote:
[snip]
A legitimate question:
If I add user 'www' to 'sudoers' with the ability to run adduser, does
that not give user 'www' to put the added user in a group, perhaps wheel?
If said commands are passed via 'user' to web browser to web server, run
within context of the web server user, and web server user has sudo
rights to the remote box, does that not mean that the server is
essentially 'executing user input'?
Not if you use the right commands and configure the sudo stuff correctly. Since this is scripted, you can easily force a very specific set of commands on the script, and specifically omit the groups you do not want.
man sudo is your friend.
-----
Eric F Crist
Secure Computing Networks
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
- References:
- Secure remote shell
- From: Olivier Nicole
- Re: Secure remote shell
- From: Kevin Downey
- Re: Secure remote shell
- From: Steve Bertrand
- Re: Secure remote shell
- From: Kevin Downey
- Re: Secure remote shell
- From: Steve Bertrand
- Secure remote shell
- Prev by Date: Re: Producing a staticly-linked package from ports
- Next by Date: named.conf - unable to set control bit
- Previous by thread: Re: Secure remote shell
- Next by thread: Re: Secure remote shell
- Index(es):
Relevant Pages
|
|
