undefined | Better HN

0 pointsehutch793y ago0 comments

For wildcards;

Allowing a user to use systemctl with specific daemons, so ```systemctl * unit-name```, without a password. But anything outside of that I need a password.

0 comments

Denvercoder93y ago

It's actually good to not support such things, because it makes it way too easy to give more permissions than you intent to. In your example it effectively gives unlimited root access, as you can do `systemctl edit unit-name` and change the unit to run arbitrary programs as root.

ilyt3y ago

Depends on what you do. If you have app server and use it to give access for developers to restart their apps, them getting root on the server is entirely irrelevant.

It's more so the curious dev don't just go sudo bash and changes stuff willy nilly then forgets what they changed.

We do avoid wildcards like plague but honestly regexp support would be more useful, then our devs could just have say

    ^/bin/systemctl (start|stop|restart|status) app-([a-z0-9\.\-]+)$

and be pretty safe.

josteink3y ago

Sure. But the simplicity of adding a wildcard makes it very easy for sysadmins to make a too simplistic configuration, which in turn ends up being a security vulnerability, maybe even if the code in sudo itself contains no faults.

To me this sounds like a feature for a non-default "root-manager", while the default should be kept simpler to avoid people falling into such traps.

heleninboodler3y ago

You lost me somewhere between "regexp" and "pretty safe."

claviola3y ago

That's all well and true, but it's an expected downside which you'd see with any software which needs to be properly configured to run. If a user doesn't know they should take this seriously by ensuring that a tool which potentially grants root privileges is correctly configured, that shouldn't stop others who know better.

ehutch79OP3y ago

Yeah, why is that a command anyways...

But the point being that the users who have that also can just sudo anything anyways, and if an attacker is running shell commands, you're already in trouble.

I'm wondering if you're not right at this point though.

j / k navigate · click thread line to collapse