Secure remote shell

Eric Crist mnslinky at gmail.com
Fri Nov 30 05:41:47 PST 2007


On Nov 29, 2007, at 1:37 AM, Steve Bertrand wrote:

[snip]

> A legitimate question:
>
> If I add user 'www' to 'sudoers' with the ability to run adduser, does
> that not give user 'www' to put the added user in a group, perhaps
> wheel?
>
> If said commands are passed via 'user' to web browser to web server,
> run within context of the web server user, and web server user has sudo
> rights to the remote box, does that not mean that the server is
> essentially 'executing user input'?


Not if you use the right commands and configure the sudo stuff
correctly.  Since this is scripted, you can easily force a very
specific set of commands on the script, and specifically omit the
groups you do not want.

man sudo is your friend.
-----
Eric F Crist
Secure Computing Networks
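
The restriction described in the reply above, sketched as an added example that is not part of the original thread: 'www' gets sudo rights to one wrapper script only, and the wrapper fixes the group and shell so the web request can supply nothing but a login name. The wrapper path, the group name `webusers`, the deny list and the sudoers line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Hypothetical wrapper, e.g.
# /usr/local/sbin/webadduser, that 'www' runs through sudo instead of
# adduser/pw itself. Assumed sudoers entry (edit with visudo):
#   www ALL=(root) NOPASSWD: /usr/local/sbin/webadduser
LC_ALL=C; export LC_ALL            # make the a-z ranges below byte-exact

FIXED_GROUP="webusers"             # assumed unprivileged group, never wheel
FIXED_SHELL="/usr/sbin/nologin"
DENY_NAMES="root toor www operator daemon"   # constructed deny list

# Return 0 only for a plain lowercase login name of 1-16 characters.
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 16 ] || return 1
    case $name in
        *[!a-z0-9_]*) return 1 ;;  # rejects spaces, '-', ';', '/', quotes
        [!a-z]*)      return 1 ;;  # must start with a letter
    esac
    for denied in $DENY_NAMES; do
        [ "$name" != "$denied" ] || return 1
    done
    return 0
}

# Print the one command this wrapper will ever run for a given name.
build_useradd_cmd() {
    [ $# -eq 1 ] || return 2       # extra arguments such as "-G wheel" are refused
    valid_username "$1" || return 1
    printf 'pw useradd -n %s -g %s -s %s -m\n' "$1" "$FIXED_GROUP" "$FIXED_SHELL"
}

# Validate, then call pw with fixed arguments (no eval, no re-parsing).
provision_user() {
    build_useradd_cmd "$@" >/dev/null || { echo "refused" >&2; return 1; }
    pw useradd -n "$1" -g "$FIXED_GROUP" -s "$FIXED_SHELL" -m
}

# Run only when invoked with arguments, so the file can be sourced for testing.
[ $# -eq 0 ] || provision_user "$@"
```

Because the sudoers entry names the wrapper by full path and not adduser or pw, the only input that crosses the privilege boundary is the validated login name.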
