Paranoid Penguin - Linux Filesystem Security, Part II
Save and exit the file.
Now, to do his thing, crash enters the command:
sudo rm /home/biff/extreme_casseroles/pineapple_mushroom_surprise.txt
whereupon he is prompted to enter his password. After he enters this correctly, the command:
is executed as root, and the offending file is gone.
Alternately, the line in /etc/sudoers could look like this:
crash localhost=/bin/rm /home/biff/extreme_casseroles/*
That way, crash can delete anything in extreme_casseroles/, regardless of the sticky bit setting.
As handy as it is, sudo is a powerful tool, so use it wisely; root privileges never should be trifled with. It really is better to use user and group permissions judiciously than to hand out root privileges, even with sudo. Better still, use an RBAC-based system such as SELinux if the stakes are high enough.
That's it for now. I hope you've found this tutorial useful. Until next time, be safe!
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
|Android Candy: Oyster—Netflix for Books!||Aug 07, 2014|
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- Tech Tip: Really Simple HTTP Server with Python
- IndieBox: for Gamers Who Miss Boxes!
- RSS Feeds
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Linux Security Threats on the Rise
- Putlocker!! Watch Begin Again Online 2014 Streaming Full Movie
- Cooking with Linux - Serious Cool, Sysadmin Style!