[Bug 12576] popt aliases allow users to bypass sudo argument restrictions

samba-bugs at samba.org
Sun Feb 12 02:18:35 UTC 2017


--- Comment #4 from Paul Donohue <samba-bugs at PaulSD.com> ---
That's an interesting solution, but it doesn't really work well for my use
case.  I would like my users to be able to maintain their own SSH keys (this
solution would require me to manage users' SSH keys in
/root/.ssh/authorized_keys), and I don't particularly want to set
"PermitRootLogin yes" in /etc/ssh/sshd_config.  I also already have scripts to
manage sudo permissions, and I would have to make some significant changes to
support centrally managing authorized_keys.

I think the rsyncd+sudo solution actually works pretty well except for the
non-obvious fact that popt lets the user override the sudo restrictions.

There are lots of rsync users out there who are running rsync through sudo,
so even if there happens to be a better way to handle my specific use case, it
seems to me that there either needs to be a giant disclaimer somewhere that
says running rsync in sudo is dangerous and suggests alternative solutions, or
rsync needs to provide some reasonably intuitive mitigations.
