Wednesday, October 22, 2008

How to Use sudo tar in a Script Without Password Prompt

This story has moved to Please read this story at its new location.

1 comment:

Toby said...

Good tips, however providing sudo access to tar would be equivalent to giving the user full root privileges.

Consider a situation where the user creates a tarball containing /etc/sudoers, /etc/passwd, /etc/shadow or any number of permission-granting files. All they would need to do is "sudo tar xvf /tmp/hack.tar" and they have just installed their own permissions.

Anything I'm missing? Bottom line is that if you give sudo tar access to your backup user, you should assume that anyone who has your backup password can get root whenever they want to.