su: blacklist users
A. Khattri
ajai
Sat May 27 00:09:52 PDT 2006
On Fri, 26 May 2006, Tim Wunder wrote:
> You could share root's password among multiple users if you want. But then you
> lose the logging that sudo provides. The argument Dom and I had was
> regarding "limited" sudo access. If you give sudo, it's logically the same as
> giving the root password to the user you grant sudo privileges to, as far as
> granting the ability to modify your system.
Not sure I'm following this correctly: with sudo I can specify which exact
commands (and only those commands) a user can run as root. But more
importantly I can specify which command-line arguments to those commands
are NOT allowed.
Example: recently I had a colo server where they wanted to be able to add
accounts and change passwords. So I set up a command alias in the sudoers
file that only listed those two commands. I then later in the file
specify which account can run the command alias and which command aliases
they cannot run (e.g. they can't change the password of any existing
accounts, or any system accounts or root or mine, etc etc).
Now I would imagine commands that allow subshells (i.e. vi, more, less,
etc) might be exploitable. Is this what people are driving at?
--
A
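
A sudoers fragment along the lines described in the message above, as an added example that is not part of the original post; the user `coloadmin`, the protected account `admin1`, the alias names, and the binary and file paths are assumptions. It also shows sudo's `NOEXEC` tag and `sudoedit` as the usual answers to the pager and editor subshell concern.

```sudoers
# Added example; all names and paths are hypothetical.

# Commands the delegated user may run as root.
Cmnd_Alias ACCT_ADD    = /usr/sbin/useradd
Cmnd_Alias PASSWD_OK   = /usr/bin/passwd [A-Za-z]*

# Argument patterns that are never allowed: root and the
# administrator's own account (admin1 is a placeholder).
Cmnd_Alias PASSWD_DENY = /usr/bin/passwd *root*, \
                         /usr/bin/passwd *admin1*

# sudoers uses the LAST matching entry, so the negation must come
# after the entry that grants passwd.
coloadmin ALL = (root) ACCT_ADD, PASSWD_OK, !PASSWD_DENY

# Caveats a reviewer should keep in mind:
#  - PASSWD_OK requires an argument, so a bare "sudo passwd" (which
#    would change root's password) does not match and is refused.
#  - Wildcards in argument patterns match across spaces, so these
#    patterns are coarse. A root-owned wrapper script that validates
#    its single argument is stricter than pattern matching.
#  - ACCT_ADD has no argument list, so every useradd option is
#    permitted. Narrow it or wrap it if that is too broad.
#  - "Any existing account" cannot be expressed as a static pattern;
#    only the named accounts above are protected here.

# Pagers and editors can start a shell. NOEXEC stops a dynamically
# linked program from executing further commands.
coloadmin ALL = (root) NOEXEC: /usr/bin/less /var/log/messages

# For editing, sudoedit runs the editor as the invoking user on a
# temporary copy, so an editor shell escape is not a root shell.
coloadmin ALL = (root) sudoedit /etc/hosts
```

Check the syntax with `visudo -c -f <file>` before installing the fragment.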