List: webmin-l
Subject: Re: possible security problem/solved
From: Kris Deugau <kdeugau () webhart ! net>
Date: 2002-11-22 21:45:58
Robert Brandtjen wrote:
> no - an independent database programmer hired by the owner of the box (who has
> not paid a bill in 13 months)
So cut off service. If they haven't paid their bills, you have grounds
for discontinuing service until they do. Check through your ToS and
policy docs.
> had set up sudo and given himself root access.
> once logged in, he simply sudoed and replaced root's passwd as well as
> webmin.
>
> I still think sudo is evil.
Improperly configured, yes, it's a major security hole. Properly
configured, it allows an administrator to delegate tasks to "ordinary
users" without giving them the root password.
Between sudo and passwd, you *can* set things up so that a sudo user can
NOT change the root password - even if they can change other passwords.
I don't know how to do that, however. :)
-kgd
--
Money is overrated.
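
The restriction described in the message above, as an added sudoers example that is not part of the original post. The file name, the HELPDESK and PASSWD_USERS aliases and the user names are hypothetical; the passwd path may differ per system.

```sudoers
# /etc/sudoers.d/helpdesk  (constructed example, hypothetical names)
# Check the syntax before installing: visudo -cf /etc/sudoers.d/helpdesk

# Hypothetical users who are delegated password resets.
User_Alias  HELPDESK = alice, bob

# Weak form, shown commented out: with no argument pattern the user may run
# passwd as root with ANY arguments. "sudo passwd root" and a bare
# "sudo passwd" (which changes the password of the target user, root)
# are both permitted.
# HELPDESK ALL = (root) /usr/bin/passwd

# Tighter form:
#   1. The first entry requires at least one argument beginning with a
#      letter, so a bare "passwd" and option-first forms such as
#      "passwd -d ..." do not match.
#   2. The second entry is a negation. sudoers matches the arguments as one
#      concatenated string, so *root* rejects any command line that
#      mentions root anywhere.
Cmnd_Alias  PASSWD_USERS = /usr/bin/passwd [A-Za-z]*, \
                           !/usr/bin/passwd *root*

HELPDESK ALL = (root) PASSWD_USERS

# Limits of this rule:
#   - It filters on the string "root" only. Any other UID 0 account name
#     needs its own negation.
#   - It holds only if these users have no other rule that yields a root
#     shell or write access to the sudoers files (ALL, shells, editors),
#     since such a rule lets them remove the restriction.
```

`sudo -l -U alice`, run as root, lists the rules that actually apply to a user and is a quick way to confirm that no broader grant overrides this one.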