Secure remote shell
Eric Crist
mnslinky at gmail.com
Fri Nov 30 05:41:47 PST 2007
On Nov 29, 2007, at 1:37 AM, Steve Bertrand wrote:
[snip]
> A legitimate question:
>
> If I add user 'www' to 'sudoers' with the ability to run adduser, does
> that not give user 'www' the ability to put the added user in a group,
> perhaps wheel?
>
> If said commands are passed via 'user' to web browser to web server, run
> within context of the web server user, and web server user has sudo
> rights to the remote box, does that not mean that the server is
> essentially 'executing user input'?
Not if you use the right commands and configure the sudo stuff
correctly. Since this is scripted, you can easily force a very
specific set of commands on the script, and specifically omit the
groups you do not want.
man sudo is your friend.
-----
Eric F Crist
Secure Computing Networks
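
One way to apply the advice in the reply above, as an added example that is not part of the original post or the poster's own code: sudo grants 'www' a single wrapper instead of adduser itself, and the wrapper fixes the group and accepts nothing but a validated login name. The wrapper path, the `webusers` group and the use of FreeBSD's non-interactive `pw useradd` in place of `adduser` are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, assumed installed as /usr/local/sbin/add-webuser.
# sudoers entry (edit with visudo) granting 'www' this wrapper only,
# never adduser or pw directly:
#   www ALL = (root) NOPASSWD: /usr/local/sbin/add-webuser
# Group and shell are fixed below, so the caller cannot ask for wheel.

LC_ALL=C; export LC_ALL            # make [a-z] mean ASCII lowercase only

FIXED_GROUP="webusers"             # assumed pre-created, unprivileged group
FIXED_SHELL="/usr/sbin/nologin"

# Accept 1-16 chars: a lowercase letter first, then lowercase, digits or '_'.
valid_username() {
    case "$1" in
        ""|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# Print the exact command that would run. User input appears only as the
# login name; every option is supplied by the wrapper.
build_command() {
    [ "$#" -eq 1 ] || return 2     # exactly one argument, no extra options
    valid_username "$1" || return 1
    printf 'pw useradd -n %s -g %s -s %s -m\n' "$1" "$FIXED_GROUP" "$FIXED_SHELL"
}

add_webuser() {
    build_command "$@" >/dev/null || {
        echo "rejected: invalid username or extra arguments" >&2
        return 1
    }
    pw useradd -n "$1" -g "$FIXED_GROUP" -s "$FIXED_SHELL" -m
}

# Act only when called with --apply, so sourcing the file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    shift
    add_webuser "$@"
fi
```

The web application would call `sudo /usr/local/sbin/add-webuser --apply <name>`; a request carrying extra options or shell metacharacters is refused before any privileged command runs.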