[831] in linux-security and linux-alert archive
Re: [linux-security] sudo limiting
daemon@ATHENA.MIT.EDU (Greg Spiegelberg)
Fri Jun 21 12:01:39 1996
From: Greg Spiegelberg <gs0@s1.GANet.NET>
To: blue@buttercup.cybernex.net (Blue)
Date: Thu, 20 Jun 1996 06:07:18 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606182119.RAA20576@buttercup.cybernex.net> from "Blue" at Jun 18, 96 05:19:49 pm
Blue said, and I indent...
--
--Greetings,
--
--The recent thread on sudo has brought a question to me for practical usage.
--
--How to implement administrative accounts which have the permission to
--create or change passwords of arbitary users, without having access to
--change the root password.
--
--I was implementing user adding facilities for a small group whom still
--should not have root access via sudo and realized that they could just
--change the root password. I am loathe to do it with a setuid program,
--even though then I can run the username through a filter, due to the
--probelms having a program like that can create.
--
--Baring hacking passwd, or creating a restricted version of it, is there
--any secure way around this delima?
I could be wrong here but for temporary fix you could modify the sudo
function set_perms() (line 759 of cu-sudo v1.4) to -not- set the effective
uid in all cases and replace your current passwd/npasswd/yppasswd
programs to check the euid. setuid() in the latest libc still only
modifies the uid not euid, right? Just a guess.
The other option is to not allow sudo users the passwd command(s).
--
Greg "Twotone" Spiegelberg - gs0@ganet.net
UNIX System Administrator/Crash Dummy
Lucent "But we'd rather be called AT&T Bell Labs" Technologies