Re: sudoers is mode 0440, should bo 0640
- From: Robert Nichols <SEE_SIGNATURE@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 18 Feb 2006 14:12:37 +0000 (UTC)
In article <slrndvcb5q.es0.ibuprofin@xxxxxxxxxxxxxxxxx>,
Moe Trin <ibuprofin@xxxxxxxxxxxxxxxxxxxxxx> wrote:
:On 16 Feb 2006, in the Usenet newsgroup linux.redhat, in article
:<1140122669.320900.263470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, kona_iron@xxxxxxxx
:wrote:
:>We distribute the same sudoers file on both our Solaris and Linux
:>machines.
:>All /etc/sudoers file are set to 0440
:>It works well on Solaris machines.
:>But on Linux RedHat I got the following error using sudo :
:>sudo : /etc/sudoers is mode 0440, should be 0640
:>
:>Any idea where is the problem ?
:
:That's an internal security check that the file has the "original"
:(meaning "safe") permissions. If you don't like that, you should
:have the source, so you can reach in and change it, then recompile.
:
:>Because I do not like to set 0640 my /etc/sudoers file
:
:Why not? The file should be owned by root:root and unless you have
:removed the execute bits on /bin/chmod any security gained by
:removing write access by the file owner is totally illusionary.
Doubly so if the owner is root, since root can write to a mode 0400
file without doing anything special.
# echo hello >junk
# chmod 400 junk
# echo there >>junk
# cat junk
hello
there
# ls -l junk
-r-------- 1 root root 12 Feb 18 08:11 junk
--
Bob Nichols AT comcast.net I am "RNichols42"
.
- References:
- sudoers is mode 0440, should bo 0640
- From: kona_iron
- Re: sudoers is mode 0440, should bo 0640
- From: Moe Trin
- sudoers is mode 0440, should bo 0640
- Prev by Date: Re: Updating Fedora Core 4
- Next by Date: Re: Updating Fedora Core 4
- Previous by thread: Re: sudoers is mode 0440, should bo 0640
- Next by thread: RH ES3 mysql performance problems
- Index(es):
Relevant Pages
|
