[BBLISA] Fun with nosetuid!

Edward Ned Harvey bblisa2 at nedharvey.com
Wed Jan 16 09:36:56 EST 2008


> On an unpatched Centos 4.4 system I chmod'd /usr/bin/sudo to ug+s, and set the
> filesystem in /etc/fstab to defaults,nosetuid.  Reboot, and am told sudo needs
> to be set to setuid root.


Why would you want to do that?

It is normal for sudo to have "---s--x--x  root root"
I don't know what other programs normally have setuid etc.

It sounds like you're trying to take an unnecessary security measure, and
it's biting you in the butt because it's a nonstandard thing to do.

I recommend this:  Just use visudo, to ensure only the correct users are
granted sudo permissions.  And then trust sudo to do its job right.  It will
not give anyone root who you haven't explicitly granted permissions.
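
A way to check the situation discussed in this thread, as an added example that is not part of the original message: it reports whether a binary's setuid bit is being ignored because its filesystem is mounted with the Linux `nosuid` option. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/sda1 / ext3 rw,nosuid 0 0
/dev/sda3 /home ext3 rw 0 0'

# mount_opts_for PATH [MOUNTS_TEXT]
# Print the options of the mount that holds PATH: the longest mount point
# that is a whole-component prefix of PATH; on a tie the later line wins,
# because it was mounted over the earlier one. Symlinks are not resolved.
mount_opts_for() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            pre = (mp == "/") ? "/" : mp "/"
            if ((p == mp || index(p, pre) == 1) && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { print opts }'
}

# suid_blocked PATH [MOUNTS_TEXT]
# Succeeds when the filesystem holding PATH is mounted nosuid.
suid_blocked() {
    case ",$(mount_opts_for "$1" "${2-}")," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose FILE [MOUNTS_TEXT]
# Explain why a setuid helper such as sudo would or would not get its
# elevated privileges at exec time.
diagnose() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    [ -u "$f" ] || { echo "no setuid bit"; return 0; }
    if suid_blocked "$f" "${2-}"; then
        echo "setuid bit set but ignored: nosuid mount"
        return 0
    fi
    echo "setuid honoured"
}
```

Calling `diagnose /usr/bin/sudo` with no second argument reads the live `/proc/mounts` instead of the sample table.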



