Paranoid Penguin - Linux Filesystem Security, Part II
Save and exit the file.
Now, to do his thing, crash enters the command:
sudo rm /home/biff/extreme_casseroles/pineapple_mushroom_surprise.txt
whereupon he is prompted to enter his password. After he enters this correctly, the command:
is executed as root, and the offending file is gone.
Alternately, the line in /etc/sudoers could look like this:
crash localhost=/bin/rm /home/biff/extreme_casseroles/*
That way, crash can delete anything in extreme_casseroles/, regardless of the sticky bit setting.
As handy as it is, sudo is a powerful tool, so use it wisely; root privileges never should be trifled with. It really is better to use user and group permissions judiciously than to hand out root privileges, even with sudo. Better still, use an RBAC-based system such as SELinux if the stakes are high enough.
That's it for now. I hope you've found this tutorial useful. Until next time, be safe!
Mick Bauer, CISSP, is Linux Journal's security editor and an IS security consultant in Minneapolis, Minnesota. He's the author of Building Secure Servers With Linux (O'Reilly & Associates, 2002).
- Readers' Choice Awards 2013
- AIDE—Developing for Android on Android
- Best. Cake. Ever.
- Two Pi R
- The Geek's Guide to the Coolest 2013 Holiday Gifts
- Non-Linux FOSS: Let's Make Music Together
- A Handy U-Boot Trick
- Raspberry Pi: the Perfect Home Server
- RSS Feeds
- Tech Tip: Really Simple HTTP Server with Python
- Thanks for clearing that up.
31 min 18 sec ago
- Nice coding on the cake. I
12 hours 3 min ago
- Baker's identity
16 hours 52 min ago
- Uber jealous
21 hours 50 min ago
- Reality is disapointing
1 day 8 hours ago
- Máy sấy quần áo
1 day 11 hours ago
- Services on GlusterFS
1 day 11 hours ago
- Reply to comment | Linux Journal
1 day 12 hours ago
- Definitely cool stuff here
1 day 13 hours ago
- thanks for the information
1 day 15 hours ago