Re: Enabling telnet, ftp, pop3 for root...

---

• From: Ertugrul Soeylemez <never@xxxxxxxxxxxxxx>
• Date: Sun, 9 Apr 2006 05:25:10 +0200

---

matt_left_coast <not@xxxxxxxxxx> (06-04-06 19:18:15):

I notice that you did not address BOTH the issues I raised. It
would be impossible to admin a system without giving access to an
editor as root. In that case, logging is disabled. Might just as
well give them access to a shell.

It is possible. You can write small wrapper scripts or programs,
which copy some file in user's writable space over the actual
configuration file. This allows the user to edit configuration
files without needing to use an editor as root.

However, the configuration files themselves may raise security
risks. One good reason to read the docs and be very careful.

Dude, you can edit scripts and run them AS ROOT and only the name of
the script is logged by sudo.

I write a program, which does nothing more than copying a file from the
writable space of a user over a system-wide configuration file. That
program is owned by root:root and has the SetUID bit. The configuration
file is not dangerous. This should be perfectly secure.


Regards.
.

---

• Follow-Ups:
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: matt_left_coast

• References:
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: Ertugrul Soeylemez
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: Sybren Stuvel
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: Ertugrul Soeylemez
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: Michael Trausch
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: matt_left_coast
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: Michael Trausch
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: matt_left_coast
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: Ertugrul Soeylemez
  • Re: Enabling telnet, ftp, pop3 for root...
    • From: matt_left_coast

• Prev by Date: Re: Enabling telnet, ftp, pop3 for root...
• Next by Date: Re: Enabling telnet, ftp, pop3 for root...
• Previous by thread: Re: Enabling telnet, ftp, pop3 for root...
• Next by thread: Re: Enabling telnet, ftp, pop3 for root...
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Enabling telnet, ftp, pop3 for root... ... You can write small wrapper scripts or programs, ... files without needing to use an editor as root. ... writable space of a user over a system-wide configuration file. ... (alt.os.linux) Re: Enabling telnet, ftp, pop3 for root... ... be impossible to admin a system without giving access to an editor as ... to use an editor as root. ... the configuration files themselves may raise security risks. ... (alt.os.linux) Re: Unable to set DISPLAY localhost:0.0 / Solved ... [root@localhost root]# date ... # This is the ssh client system-wide configuration file. ... # Kerberos TGT Passing only works with the AFS kaserver ... (Fedora) Re: Two Lenny problems ... the password for root. ... If you did not see a shell prompt ending with # instead ... Long term, I recommend that you learn to use vi, which is considered ... The second most popular text editor is GNU emacs. ... (Debian-User) Re: Two Lenny problems ... editor for the GNOME desktop environment. ... Kwrite in KDE is a good compromise between vi and word-processors, ... I assumed that Kwrite was a word processor. ... GNOME, by default, doesn't even allow the root user to login to the X ... (Debian-User)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > alt.os.linux  > 2006-04