How to Use sudo tar in a Script Without Password Prompt
This story has moved to NerdBoys.com. Please read this story at its new location.
1 comment:
Toby
said...
Good tips, however providing sudo access to tar would be equivalent to giving the user full root privileges.
Consider a situation where the user creates a tarball containing /etc/sudoers, /etc/passwd, /etc/shadow or any number of permission-granting files. All they would need to do is "sudo tar xvf /tmp/hack.tar" and they have just installed their own permissions.
Anything I'm missing? Bottom line is that if you give sudo tar access to your backup user, you should assume that anyone who has your backup password can get root whenever they want to.
1 comment:
Good tips, however providing sudo access to tar would be equivalent to giving the user full root privileges.
Consider a situation where the user creates a tarball containing /etc/sudoers, /etc/passwd, /etc/shadow or any number of permission-granting files. All they would need to do is "sudo tar xvf /tmp/hack.tar" and they have just installed their own permissions.
Anything I'm missing? Bottom line is that if you give sudo tar access to your backup user, you should assume that anyone who has your backup password can get root whenever they want to.
Post a Comment