Good tips; however, providing sudo access to tar would be equivalent to giving the user full root privileges. Consider a situation where the user creates a tarball containing /etc/sudoers, /etc/passwd, /etc/shadow or any number of permission-granting files. All they would need to do is "sudo tar xvf /tmp/hack.tar" and they have just installed their own permissions. Anything I'm missing? Bottom line is that if you give sudo tar access to your backup user, you should assume that anyone who has your backup password can get root whenever they want to.
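A way to audit for the grant the comment above describes, as an added example that is not part of the original comment: the function reads sudoers-format text and reports every non-root subject allowed to run a tar binary. The names `find_tar_grants` and `sample_sudoers` are hypothetical, the sample rules are constructed, and `Cmnd_Alias` definitions are not expanded.

```shell
#!/bin/sh
# Added example: list sudoers rules that let a non-root subject run tar.
# Output format: "<line number>:<subject>", one per matching rule.

find_tar_grants() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        /^[ \t]*(Defaults|[A-Za-z_]+_Alias)/ { next }    # settings, alias definitions
        {
            subject = $1
            if (subject == "root") next
            eq = index($0, "=")
            if (eq == 0) next
            cmds = substr($0, eq + 1)
            gsub(/\([^)]*\)/, "", cmds)     # drop runas specs such as (root)
            gsub(/[A-Z_]+:/, "", cmds)      # drop tags such as NOPASSWD:
            n = split(cmds, list, ",")
            for (i = 1; i <= n; i++) {
                c = list[i]
                gsub(/^[ \t]+|[ \t]+$/, "", c)
                if (c ~ /^!/) continue      # negated entry, not a grant
                split(c, parts, /[ \t]+/)
                if (parts[1] ~ /(^|\/)(g|bsd)?tar$/) {
                    print NR ":" subject
                    break
                }
            }
        }
    '
}

# Constructed sample rules, not taken from a real host.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
backup  ALL=(root) NOPASSWD: /bin/tar
deploy  ALL=(root) /usr/bin/systemctl restart app, /usr/bin/tar
monitor ALL=(root) NOPASSWD: /usr/bin/du
EOF
}

sample_sudoers | find_tar_grants
```

On a real host, feed it the policy instead of the sample, for example `cat /etc/sudoers /etc/sudoers.d/* | find_tar_grants` run as root; the line numbers then refer to the concatenated input.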