
List:       webmin-l
Subject:    Re: possible security problem/solved
From:       Kris Deugau <kdeugau () webhart ! net>
Date:       2002-11-22 21:45:58

Robert Brandtjen wrote:
> no - an independent database programmer hired by the owner of the box (who has
> not paid a bill in 13 months)

So cut off service.  If they haven't paid their bills, you have grounds
for discontinuing service until they do.  Check through your ToS and
policy docs.

> had set up sudo and given himself root access.
> once logged in, he simply sudoed and replaced root's passwd as well as
> webmin.
> 
> I still think sudo is evil.

Improperly configured, yes, it's a major security hole.  Properly
configured, it allows an administrator to delegate tasks to "ordinary
users" without giving them the root password.

Between sudo and passwd, you *can* set things up so that a sudo user can
NOT change the root password- even if they can change other passwords.

I don't know how to do that, however.  :)

-kgd
-- 
Money is overrated.
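
One way to express the restriction described above, as an added example that is not part of the original message: a sudoers entry that lets a delegated user reset other accounts' passwords but not root's. The user name `helpdesk` and the path `/usr/bin/passwd` are assumptions, and the rule assumes passwd accepts only one user name per invocation.

```sudoers
# Constructed example; "helpdesk" is a hypothetical user name.

# Weak: no argument list is given, so sudo accepts any arguments,
# including "root" (and a bare "passwd", which run as root changes
# root's own password).
#helpdesk ALL = (root) /usr/bin/passwd

# Tighter: the argument string must start with a letter, so a bare
# "passwd" and option-first invocations do not match. The negated entry
# comes last because the last matching entry wins; it refuses any
# argument string containing "root" (which also blocks account names
# that merely contain that string).
helpdesk ALL = (root) /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*

# This only holds if helpdesk has no other rule that yields a root shell,
# an editor, or "ALL"; any of those makes the exclusion meaningless.
```

Validate the file with `visudo -c` and review the resulting grants with `sudo -l -U helpdesk` before relying on it.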

