On Wed, 19 Nov 2008 19:14:43 +0800, edwardspl@xxxxxxxxxx wrote:

> Michael Schwendt wrote:
>
> >On Wed, 19 Nov 2008 12:52:30 +0800, edwardspl wrote:
> >
> >>Dear All,
> >>
> >>For /usr/bin/upasswd :
> >>
> >>#!/bin/sh
> >>
> >># Validate that a username was given as an argument
> >>[ -n "$1" ] || {
> >>echo "Use: upasswd <username>" >&2
> >>exit 64
> >>}
> >>
> >># Validate that the username wasn't "root"
> >>[ "$1" != "root" ] || {
> >>echo "Can't set the root user's password" >&2
> >>exit 77
> >>}
> >>
> >># Use -- to make sure that the "username" given wasn't just
> >># a switch that passwd would interpret.
> >># THIS ONLY WORKS ON GNU SYSTEMS.
> >>passwd -- "$1"
> >>
> >>For visudo :
> >>SYSADM MH = (ALL) /usr/bin/upasswd
> >
> >Even if you rely on sudo's default environment variables restrictions and
> >safety checks, prefer absolute paths when executing tools like
> >/usr/bin/passwd
>
> Hello,
>
> Sorry, I don't quite understand what you mean...
>
> Thanks!
>
> Edward.

You've been on Fedora [or Red Hat Linux] related mailing-lists before,
a long time ago. It isn't news that you try to build a lot from tarballs
instead of using prebuilt/preconfigured rpms which are part of the
distribution.

Asking questions is okay. Still, you ought to show that you're interested
in trying to read the documentation that comes together with the software
you want to use. In this case "man sudo sudoers". These manuals contain
security-related notes, which you really ought to read if you want to give
users sudo access.

What I mean with my comments on preferring absolute paths is that in the
wrapper-script /usr/bin/upasswd (the name you've chosen for it) you ought
to run "/usr/bin/passwd" at the bottom, not just "passwd".

By running "passwd" within PATH you rely on security features in sudo to
prevent a user from modifying $PATH and running an arbitrary program named
"passwd" with superuser privileges. That program could be anything,
especially since it is being passed with "$1" without any helpful
safety-checks.

Even if you think that sudo does not make that possible (read about
SECURE_PATH and the env_* features I've mentioned), a change in the
configuration, in the defaults (or when using self-built software) may open
the attack vector. Hence let the script run /usr/bin/passwd at the bottom,
which is exactly what you want.
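
A hardened form of the wrapper discussed in this thread, added here as an example and not part of the original messages: it pins PATH, calls /usr/bin/passwd by absolute path, and checks the target account before handing off. The names check_target, uid_of and PASSWD_BIN, the allowed-name pattern and the extra exit code 67 are assumptions made for this example.

```shell
#!/bin/sh
# Hardened variant of the upasswd wrapper from the thread (added example).
# Pin the environment so nothing here resolves through the caller's PATH,
# whether or not sudo's secure_path / env_reset happen to be configured.
PATH=/usr/bin:/bin
LC_ALL=C                      # make the [a-z] ranges below byte-exact
export PATH LC_ALL

PASSWD_BIN=/usr/bin/passwd    # absolute path, as the reply recommends

# uid_of NAME: print the numeric UID; fail if the account does not exist.
uid_of() { /usr/bin/id -u -- "$1" 2>/dev/null; }

# check_target NAME: return 0 if NAME's password may be changed, otherwise a
# sysexits-style code: 64 usage, 67 no such user, 77 permission denied.
check_target() {
    [ -n "$1" ] || return 64
    # Assumed policy: lowercase letters, digits, "_" and "-" only, and no
    # leading "-", so the argument can never be read as a passwd option.
    case "$1" in
        [!a-z_]* | *[!a-z0-9_-]*) return 64 ;;
    esac
    [ "$1" != "root" ] || return 77
    # Also refuse any other account that maps to UID 0.
    uid=$(uid_of "$1") || return 67
    [ "$uid" -ne 0 ] || return 77
    return 0
}

main() {
    check_target "$1" || {
        rc=$?
        echo "upasswd: refusing target '$1' (exit code $rc)" >&2
        echo "Use: upasswd <username>" >&2
        exit "$rc"
    }
    exec "$PASSWD_BIN" -- "$1"
}

# Run only when invoked under the name the sudoers rule grants (assumed to be
# /usr/bin/upasswd); under any other name the file only defines functions.
case "${0##*/}" in upasswd) main "$@" ;; esac
```

The UID check covers a second superuser account that the string comparison against "root" in the original script would let through.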