sudo is fine grained
Authored by: vajonez on Aug 25, '03 05:37:02PM
I see many people talk about 'risk' when using sudo with NOPASSWD: and I agree, when applied broadly it is a little silly. However, sudo has very fine grained control over who can do what and as whom (either with or without a password).

Bad idea:
user ALL=(ALL) NOPASSWD: ALL

Better idea:
user localhost=(user_to_run_as) NOPASSWD: /path/to/some/program_or_script

This allows user to run /path/to/some/program_or_script as user_to_run_as on localhost with no password. You can include multiple users in the parentheses and even exclude users by preceding the username with a !, i.e. (ALL, !root) means all users except root.

This, IMO, certainly beats having scripts with passwords hardcoded into them in cleartext.

See man sudoers for more information.

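An added example, not part of the original comment: a small Python audit that flags the broad NOPASSWD pattern the comment calls a bad idea and lets the narrowly scoped rule pass. It assumes a simplified sudoers grammar (one rule per line, no aliases expanded, no line continuations, tags treated as applying to the whole line); the function names and the `deploy` and `backup` sample entries are constructed for illustration.

```python
import re

# Constructed sample entries; the two "user" rules are the ones from the comment.
SAMPLE = """\
# constructed sample, not from a real system
Defaults env_reset
user ALL=(ALL) NOPASSWD: ALL
user localhost=(user_to_run_as) NOPASSWD: /path/to/some/program_or_script
deploy ALL=(ALL, !root) NOPASSWD: /usr/local/bin/deploy.sh
backup localhost=(root) /usr/bin/rsync
"""

# user host = (runas) [TAG:] command[, command...]
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
                  r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$")
# Comments, include directives, Defaults and alias definitions are not rules.
SKIP = re.compile(r"^(#|@|Defaults|\w+_Alias\b)")

def audit_line(line):
    """Return findings for one sudoers user specification (simplified grammar)."""
    line = line.strip()
    m = None if SKIP.match(line) else RULE.match(line)
    if not m:
        return []
    # Runas list defaults to root when omitted; drop any ":group" part.
    runas = [r.strip() for r in (m["runas"] or "root").split(":")[0].split(",")]
    tags = re.findall(r"\b([A-Z_]+):", m["rest"])
    cmds = [c.strip() for c in re.sub(r"\b[A-Z_]+:\s*", "", m["rest"]).split(",")]
    findings = []
    if "NOPASSWD" in tags:
        if "ALL" in cmds:
            findings.append("NOPASSWD on ALL commands")
        if "ALL" in runas:
            findings.append("NOPASSWD with unrestricted runas user")
    if any(r.startswith("!") for r in runas):
        findings.append("runas list relies on exclusion; name the allowed users instead")
    return findings

def audit(text):
    """Map 1-based line number -> findings, for lines that have any."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        found = audit_line(line)
        if found:
            report[n] = found
    return report

if __name__ == "__main__":
    for n, found in audit(SAMPLE).items():
        print(f"line {n}: " + "; ".join(found))
```

Syntax checking of a real sudoers file is still the job of `visudo -c`; this only reviews policy breadth.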