[nycphp-talk] SSH2_CONNECT
CED
consult at covenantedesign.com
Fri Jul 31 20:58:29 EDT 2009
Leam Hall wrote:
> CED wrote:
>> Leam Hall wrote:
>>>
>>>
>>> http://forums.fedoraforum.org/showthread.php?t=159677
>>>
>>> [root at leam ~]# grep -i tty /etc/sudoers
>>> Defaults requiretty
>>>
>>> That might help. :)
>>>
>>> Leam
>>>
>
>> Please DO NOT use Leam's example...
>>
>> "Defaults requiretty" is a global sudoers security default, change
>> the default at the user level... or, again; Don't do it at all.
>>
>
> Depends on the nature of the server. Changing sudoers is less
> problematic unless you have a lot of sudo'ing going on.
>
> What do you see as the issue?
>
> Leam
>
I thought it was somewhat clear from my previous post...
The entire point of sudoers is to manage and audit those running
commands in escalation.
Whether the list is large or small, the entire point is to satisfy
security needs for auditing and accountability; globally adjusting the
defaults to the sudoers file begins to slight against its very reason
for sudoers existing.
Particularly the session level limits (requiring a REAL tty), in the
simplest way it prevents scary things like "rlogin -l iamleam Leamspc
'cd /; rm -rf'" from firing.
I would suggest reading the sudoers man page and the 2.6 kernel notes.
-Ed
--
995 Maple Hill Road
Castleton, New York 12033
518-331-5061
Consult at CovenanteDesign.com
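
Added example (not part of Ed's message or the thread): a small Python check that reads sudoers text and reports whether requiretty has been switched off globally or only for a scoped entry, which is the distinction the message draws. The user "deploy", the script path and the sample text are constructed for illustration; the parser is simplified and does not follow #include / #includedir.

```python
import re

# A Defaults line with its optional binding: ":" user, "@" host,
# ">" runas user, "!" command (binding types from the sudoers man page).
DEFAULTS_RE = re.compile(r"^Defaults(?:([:@>!])(\S+))?\s+(.*)$")

def requiretty_settings(sudoers_text):
    """Return [(scope, enabled)] for each requiretty setting, in file order.

    scope is "global" or the binding, e.g. ":deploy"; enabled is False for
    "!requiretty". Simplified: joins backslash continuations, skips comment
    lines, splits parameters on commas without handling quoted values.
    """
    text = sudoers_text.replace("\\\n", " ")
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        kind, target, params = m.groups()
        scope = "global" if kind is None else kind + target
        for param in params.split(","):
            param = param.strip()
            if param.lstrip("!").strip() == "requiretty":
                found.append((scope, not param.startswith("!")))
    return found

def audit(sudoers_text):
    """Warn on a global disable; list scoped exemptions for review."""
    settings = requiretty_settings(sudoers_text)
    findings = []
    global_values = [on for scope, on in settings if scope == "global"]
    if global_values and not global_values[-1]:  # later entries override
        findings.append("WARN: requiretty disabled globally")
    findings += [f"INFO: requiretty exemption scoped to {scope}"
                 for scope, on in settings if scope != "global" and not on]
    return findings

# Constructed sample: global default kept, exemption limited to one user.
SAMPLE = """\
Defaults    env_reset, requiretty
Defaults:deploy !requiretty
deploy ALL=(root) NOPASSWD: /usr/local/bin/release.sh
"""
# Constructed sample: the global change the message argues against.
WEAK = "Defaults    env_reset, !requiretty\n"
```
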