
[ale] Grinch



More reasons to finish the setup to only allow sudo through IPA and
Kerberos tokens. Only a single, local user should ever have wheel and
that's the admin. So I have no local users (other than an admin account)
on all the CentOS 7 systems I've been setting up and using FreeIPA to
control user access. Don't have all of sudo under that umbrella yet.
It's nice to be able to say user fred can use sudo for the following
commands on this group of machines from time A to time B only. User Mary
can have sudo for all of her machines at all times and an additional
group allows her sudo on machine foo only.

yeah. groups of groups. sort of like "y'all" and "all y'all" :-)

On Wed, 2014-12-17 at 09:09 -0500, Boris Borisov wrote:
> http://itsecurityguru.org/linux-users-warned-grinch-privilege-escalation-flaw/#.VJGOa8leYdU
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo