[ale] Grinch

Jim Kinney jkinney at jimkinney.us
Wed Dec 17 11:43:31 EST 2014


More reasons to finish the setup to only allow sudo through IPA and
Kerberos tokens. Only a single, local user should ever have wheel and
that's the admin. So I have no local users (other than an admin account)
on all the CentOS 7 systems I've been setting up and using FreeIPA to
control user access. Don't have all of sudo under that umbrella yet.
It's nice to be able to say user fred can use sudo for the following
commands on this group of machines from time A to time B only. User Mary
can have sudo for all of her machines at all times and an additional
group allows her sudo on machine foo only.

yeah. groups of groups. sort of like "y'all" and "all y'all" :-)

On Wed, 2014-12-17 at 09:09 -0500, Boris Borisov wrote:
> http://itsecurityguru.org/linux-users-warned-grinch-privilege-escalation-flaw/#.VJGOa8leYdU
> 

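The delegation described in the message above (fred limited to named commands on one group of machines, mary with full sudo on her machines plus an extra group for host foo), written with the FreeIPA `ipa` CLI. This is an added example, not part of the original post and not the poster's configuration. All host, group and rule names and the two commands are constructed, and the time window is left out.

```shell
#!/bin/sh
# Added example: FreeIPA sudo rules for the fred/mary scenario.
# Every name below (hosts, groups, rules, commands) is constructed.
# DRY_RUN=1 (default) prints each ipa command; DRY_RUN=0 runs it against
# the IPA server and needs an admin Kerberos ticket (kinit) first.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Host groups, including a group of groups: mary-machines nests web-servers.
make_hostgroups() {
    run ipa hostgroup-add web-servers
    run ipa hostgroup-add-member web-servers --hosts=web1.example.test
    run ipa hostgroup-add mary-machines
    run ipa hostgroup-add-member mary-machines --hostgroups=web-servers
}

# fred: two named commands only, on the web-servers host group only.
# The "time A to time B" restriction is not modelled in this example.
fred_rule() {
    run ipa sudocmd-add /usr/sbin/apachectl
    run ipa sudocmd-add /usr/bin/journalctl
    run ipa sudorule-add fred-web
    run ipa sudorule-add-user fred-web --users=fred
    run ipa sudorule-add-host fred-web --hostgroups=web-servers
    run ipa sudorule-add-allow-command fred-web --sudocmds=/usr/sbin/apachectl
    run ipa sudorule-add-allow-command fred-web --sudocmds=/usr/bin/journalctl
}

# mary: any command on her own machines; a second user group grants
# sudo on the single host foo and nowhere else.
mary_rules() {
    run ipa sudorule-add mary-all --cmdcat=all
    run ipa sudorule-add-user mary-all --users=mary
    run ipa sudorule-add-host mary-all --hostgroups=mary-machines
    run ipa group-add foo-admins
    run ipa group-add-member foo-admins --users=mary
    run ipa sudorule-add foo-only --cmdcat=all
    run ipa sudorule-add-user foo-only --groups=foo-admins
    run ipa sudorule-add-host foo-only --hosts=foo.example.test
}

plan() { make_hostgroups; fred_rule; mary_rules; }

plan
```

No rule uses `--usercat=all` or `--hostcat=all`, so each grant stays bound to a named user or group and a named host or host group.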


