Submit your Linux news story here.

How to edit files securely on Linux when using sudo command

The sudo command is pretty risky when you give vi or Vim text editor access to ordinary users. A normal user can edit /etc/sudoers or grant himself/herself more sudo privileges and so on. Another risk is running commands such as :!/bin/rm -rf /boot/* as vim allows for the shell command to execute.

From the article:

Suppose you are a system administrator in a company where teams mostly work on Linux with limited privileges. Now imagine a situation where members of one of the teams – as part of some new work – need to frequently edit a file that requires superuser privileges. What would you do?
One option is to give them the ‘sudo’ access, but that would be like giving a stranger access to your complete home when all they require is to be in only one of your rooms – what I mean is, default ‘sudo’ access will let them do anything that requires root privileges, when all that is required is the ability to edit a certain system file.

Comments on this entry are closed.