Paranoid Penguin - Linux Filesystem Security, Part II
Save and exit the file.
Now, to do his thing, crash enters the command:
sudo rm /home/biff/extreme_casseroles/pineapple_mushroom_surprise.txt
whereupon he is prompted to enter his password. After he enters this correctly, the command:
is executed as root, and the offending file is gone.
Alternately, the line in /etc/sudoers could look like this:
crash localhost=/bin/rm /home/biff/extreme_casseroles/*
That way, crash can delete anything in extreme_casseroles/, regardless of the sticky bit setting.
As handy as it is, sudo is a powerful tool, so use it wisely; root privileges never should be trifled with. It really is better to use user and group permissions judiciously than to hand out root privileges, even with sudo. Better still, use an RBAC-based system such as SELinux if the stakes are high enough.
That's it for now. I hope you've found this tutorial useful. Until next time, be safe!
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).
Win an iPhone 6
Enter to Win
|Microsoft and Linux: True Romance or Toxic Love?||Nov 25, 2015|
|Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.||Nov 24, 2015|
|Cipher Security: How to harden TLS and SSH||Nov 23, 2015|
|Web Stores Held Hostage||Nov 19, 2015|
|diff -u: What's New in Kernel Development||Nov 17, 2015|
|Recipy for Science||Nov 16, 2015|
- Microsoft and Linux: True Romance or Toxic Love?
- Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.
- Cipher Security: How to harden TLS and SSH
- Web Stores Held Hostage
- PuppetLabs Introduces Application Orchestration
- Simple Photo Editing, Linux Edition!
- Firefox's New Feature for Tighter Security
- diff -u: What's New in Kernel Development
- November 2015 Issue of Linux Journal: System Administration
- It's a Bird. It's Another Bird!