InfinityQuest - Programming Code Tutorials and Examples with Python, C++, Java, PHP, C#, JavaScript, Swift and more


Using sudo More Securely in bash

InfinityCoder April 3, 2017

You want to use sudo but are worried about granting too many people too many
privileges.

Good! You should be worrying about security.

While using sudo is much more secure than not using it, the default settings can be greatly improved.
Take the time to learn a bit about sudo itself and the /etc/sudoers file.

In particular, learn that in most cases you should not be using the ALL=(ALL) ALL specification!

Yes, that will work, but it’s not even remotely secure.

The only difference between that and just giving everyone the root password is that they don’t know the root password.
They can still do everything root can do. sudo logs the commands it runs, but that’s trivial to avoid by using sudo bash: the command log records only the launch of the shell, not what is typed inside it.

Second, give your needs some serious thought.

Just as you shouldn’t be using the ALL=(ALL) ALL specification, you probably shouldn’t be managing users one by one either.

The sudoers file allows for very granular management and we strongly recommend using it.

man sudoers provides a wealth of material and examples, especially the section on preventing shell escapes.
sudoers allows for four kinds of aliases: user, runas, host, and command.

Judicious use of them as roles or groups will significantly reduce the maintenance burden.

For instance, you can set up a User_Alias for BUILD_USERS, then define the machines those users need to run on with Host_Alias and the commands they need to run with Cmnd_Alias.

If you set a policy to only edit /etc/sudoers on one machine and copy it around to all relevant machines periodically using scp with public-key authentication, you can set up a very secure yet usable system of least privilege.
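The BUILD_USERS role described above, next to the ALL=(ALL) ALL form it replaces, with a small check that flags the over-broad rules. This is an added example, not code from the original article; the user names, host names, run-as account and command paths are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. User names, host names,
# the run-as account and command paths are constructed placeholders.

# Constructed /etc/sudoers excerpt: one role built from the four alias
# kinds, followed by two over-broad rules of the ALL=(ALL) ALL type.
sample_policy() {
cat <<'EOF'
User_Alias  BUILD_USERS = alice, bob
Host_Alias  BUILD_HOSTS = build01, build02
Runas_Alias BUILD_RUNAS = builder
Cmnd_Alias  BUILD_CMDS  = /usr/local/bin/run-build, /usr/local/bin/publish-build
# Role: build users, on build hosts only, as "builder", for build commands only.
BUILD_USERS BUILD_HOSTS = (BUILD_RUNAS) BUILD_CMDS
carol       ALL = (ALL) ALL
%wheel      ALL=(ALL:ALL) NOPASSWD: ALL
EOF
}

# Read sudoers text on stdin and print every user rule whose command list
# is the bare keyword ALL. Comments, Defaults and alias definitions are
# skipped; an optional (runas) part and tags such as NOPASSWD: are allowed
# before the command. Rules continued with a backslash are not handled.
find_broad_rules() {
  grep -Ev '^[[:space:]]*(#|Defaults|(User|Runas|Host|Cmnd)_Alias)' |
    grep -E '=[[:space:]]*(\([^)]*\)[[:space:]]*)?([A-Z_]+:[[:space:]]*)*ALL[[:space:]]*$'
}

echo "Rules that grant every command:"
sample_policy | find_broad_rules
```

On a real host, pipe /etc/sudoers into find_broad_rules as root, and run visudo -cf on the edited file before copying it to the other machines.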
