On Fri, Sep 26, 2008 at 10:31:46AM -0700, Aldo Foot wrote:
> On Fri, Sep 26, 2008 at 10:13 AM, Craig White <craigwhite@xxxxxxxxxxx> wrote:
> > On Sat, 2008-09-27 at 01:10 +0800, edwardspl@xxxxxxxxxx wrote:
> >> Aldo Foot wrote:
> >>
> >> >On Fri, Sep 26, 2008 at 9:34 AM, <edwardspl@xxxxxxxxxx> wrote:
> >> >
> >> >>Dear All,
> >> >>
> >> >>How to config the sudo, then allow user A to install tarball packages with FC8 System ?
> >> >
> >> >You use the 'visudo' command to edit the /etc/sudoers file.
> >> >Don't edit that file directly.
> >> >
> >> >see this /etc/sudoers sample
> >> >http://www.gratisoft.us/sudo/sample.sudoers
> >> >
> >> >'rpm' is just another command you add to the allowed commands.
> >> >so for example at the CLI: "sudo rpm -Uvh someRpm.rpm",
> >> >
> >> >~af
> >> >
> >> Hello Aldo,
> >>
> >> Sorry, I mean tarball packages ( NOT rpm packages )...
> > ----
> > users don't need superuser privileges to use tar at all UNLESS they are
> > trying to 'untar' into spaces where only superuser can write, in which
> > case, security is out the window.
> >
> > Craig
>
> You're correct. How did I mix rpm and tar? My coffee was not strong
> enough this morning.. ;-)

And the same security issue exists for yum, rpm and cpio.

If I can run "sudo rpm -Uvh anything" I can install anything I want,
including a new password file, bogus user or other backdoor.

--
	T o m  M i t c h e l l
	Found me a new hat, now what?
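The point made in the last reply can be checked mechanically. The following is an added example, not code from the thread: a simplified sudoers reader that reports users granted rpm, yum, cpio or tar with unrestricted arguments. The sample rules, user names and paths are constructed, and the parser assumes no commas inside (runas) lists or command arguments.

```python
import re

# Commands the thread names (rpm, yum, cpio) plus tar from the original question.
RISKY = {"rpm", "yum", "cpio", "tar"}
# Constructed sample sudoers text; the user names and paths are hypothetical.
SAMPLE = r"""
# package helpers
Cmnd_Alias PKG = /bin/rpm, /usr/bin/yum
usera ALL = (root) NOPASSWD: PKG
userb ALL = /bin/tar -xzf /srv/drop/*.tar.gz -C *
userc ALL = /usr/bin/cpio, \
            /sbin/service httpd restart
userd ALL = /bin/rpm -qa
"""

def logical_lines(text):
    """Join backslash continuations; drop comments, blanks and Defaults."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "Defaults")):
            yield line

def commands(spec):
    """Split a command list; strip (runas) and TAG: prefixes, skip !negations."""
    for item in spec.split(","):
        item = re.sub(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*", "", item).strip()
        if item and not item.startswith("!"):
            yield item

def audit(text):
    """Return sorted (user, command, reason) for unrestricted risky grants."""
    aliases, specs, findings = {}, [], set()
    for line in logical_lines(text):
        left, sep, right = line.partition("=")
        words = left.split()
        if sep and words and words[0] == "Cmnd_Alias":
            aliases[words[1]] = list(commands(right))
        elif sep and words and not words[0].endswith("_Alias"):
            specs.append((words[0], right))
    for who, right in specs:  # resolve aliases only after all are collected
        for cmd in commands(right):
            for real in aliases.get(cmd, [cmd]):
                path, _, args = real.partition(" ")
                if real == "ALL":
                    findings.add((who, real, "every command"))
                elif path.rsplit("/", 1)[-1] in RISKY and (not args or re.search(r"[*?]", args)):
                    findings.add((who, path, "wildcard arguments" if args else "any arguments"))
    return sorted(findings)

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

A rule with fixed arguments, such as the constructed `userd` entry, is not reported; whether it is safe still depends on who can write the files it names.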