Paranoid Penguin - Linux Filesystem Security, Part II
Save and exit the file.
Now, to do his thing, crash enters the command:
sudo rm /home/biff/extreme_casseroles/pineapple_mushroom_surprise.txt
whereupon he is prompted to enter his password. After he enters this correctly, the command:
is executed as root, and the offending file is gone.
Alternately, the line in /etc/sudoers could look like this:
crash localhost=/bin/rm /home/biff/extreme_casseroles/*
That way, crash can delete anything in extreme_casseroles/, regardless of the sticky bit setting.
As handy as it is, sudo is a powerful tool, so use it wisely; root privileges never should be trifled with. It really is better to use user and group permissions judiciously than to hand out root privileges, even with sudo. Better still, use an RBAC-based system such as SELinux if the stakes are high enough.
That's it for now. I hope you've found this tutorial useful. Until next time, be safe!
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).
Webinar: 8 Signs You’re Beyond Cron
On Demand NOW
Join Linux Journal and Pat Cameron, Director of Automation Technology at HelpSystems, as they discuss the eight primary advantages of moving beyond cron job scheduling. In this webinar, you’ll learn about integrating cron with an enterprise scheduler.View Now!
|Dr Hjkl on the Command Line||May 21, 2015|
|Initializing and Managing Services in Linux: Past, Present and Future||May 20, 2015|
|Goodbye, Pi. Hello, C.H.I.P.||May 18, 2015|
|Enter to Win Archive DVD + Free Backup Solution||May 18, 2015|
|Using Hiera with Puppet||May 14, 2015|
|Urgent Kernel Patch for Ubuntu||May 12, 2015|
- Initializing and Managing Services in Linux: Past, Present and Future
- Dr Hjkl on the Command Line
- Goodbye, Pi. Hello, C.H.I.P.
- Using Hiera with Puppet
- Gartner Dubs DivvyCloud Cool Cloud Management Vendor
- Mumblehard--Let's End Its Five-Year Reign
- Enter to Win Archive DVD + Free Backup Solution
- Infinite BusyBox with systemd
- It's Easier to Ask Forgiveness...
- Urgent Kernel Patch for Ubuntu