Sudo Mastery: User Access Control for Real People by Lucas Michael W

Author: Lucas, Michael W
Language: eng
Format: epub
Publisher: Tilted Windmill Press
Published: 2013-11-14T05:00:00+00:00


Allowing User Overrides

Some users, running some commands, might need to customize their environment in ways the security policy can't anticipate. An application server might behave differently depending on the presence or absence of environment variables, and if the software changes quickly those values might need constant updating. Sudoers lets you write a security policy that says "Here are the standard environment settings, but let these specific users set their own environment variables for these specific commands."

Use the SETENV and NOSETENV tags on commands to let the user ask sudo to not alter his environment variables. The SETENV tag permits users to keep their environment on request. Here, Pete has a specific exception permitting him to control his environment on certain commands.

pete dbtest1 = (oracle) SETENV: /opt/oracle/bin/*

On the machine dbtest1, Pete can use his own environment when running Oracle commands as oracle. Oracle software is highly sensitive to environment variables. Pete can explore arbitrary configurations on the test server, and make a formal request for an updated sudoers policy in production once he understands what he needs.

Pete must specifically ask sudo to not change his environment by using the -E flag.

$ sudo -E -u oracle /opt/oracle/bin/sqlplus

Without the -E flag, sudo will perform its standard environment stripping despite the presence of SETENV in sudoers.

Use the tag NOSETENV to override a previous SETENV.

pete dbtest1 = (oracle) SETENV: /opt/oracle/bin/*

pete dbtest1 = (oracle) NOSETENV: /opt/oracle/bin/gennttab

Pete can control his environment for all Oracle commands, except for gennttab. (Remember, sudo rules are last match.)

In addition to the SETENV tag, there's also a setenv option. Use it just like any other option.

Defaults:thea setenv

Thea can override her environment anywhere, provided she uses the -E flag with sudo. As the senior sysadmin she's already on the hook for system damage, and she needs the flexibility to troubleshoot any possible problem. Giving herself the ability to override the environment on demand is a perfectly legitimate exception, especially as it only works at those times she specifically requests it.

Only give highly trusted users the ability to override environment variables, and then only in test environments. Remember, sudo policies aren't just to control users – they're also for limiting the damage malicious intruders can inflict on the system.
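To audit who can actually keep their environment with -E, the sketch below resolves the SETENV and NOSETENV tags, last-match ordering and the per-user setenv option for a given user, host, run-as user and command. It is an added example, not code from the book or from sudo. It assumes only the single-user, single-host, single-command rule shape shown above, and the rule for thea and its tcpdump path are constructed for illustration.

```python
import fnmatch
import re

# Constructed policy: the rules from the text plus one assumed command rule for thea.
SAMPLE_SUDOERS = """\
pete dbtest1 = (oracle) SETENV: /opt/oracle/bin/*
pete dbtest1 = (oracle) NOSETENV: /opt/oracle/bin/gennttab
Defaults:thea setenv
thea ALL = (root) /usr/sbin/tcpdump
"""

# Assumption: one user, one host, one run-as user and one command per rule.
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*\((\S+)\)\s*((?:[A-Z_]+:\s*)*)(/\S+)$")
DEFAULTS = re.compile(r"^Defaults:(\S+)\s+(!?)setenv$")


def path_match(pattern, command):
    """Glob-match a command path per component, so '*' never crosses '/'."""
    pat, cmd = pattern.split("/"), command.split("/")
    return len(pat) == len(cmd) and all(
        fnmatch.fnmatchcase(c, p) for c, p in zip(cmd, pat))


def may_preserve_env(policy, user, host, runas, command):
    """True/False: is `sudo -E` honoured? None: no rule permits the command."""
    lines = [ln.strip() for ln in policy.splitlines()]
    # The per-user setenv option is the fallback when a rule carries no tag.
    fallback = False
    for line in lines:
        m = DEFAULTS.match(line)
        if m and m.group(1) == user:
            fallback = m.group(2) != "!"
    verdict = None
    for line in lines:
        m = RULE.match(line)
        if not m:
            continue
        r_user, r_host, r_runas, tags, r_cmd = m.groups()
        if (r_user != user or r_host not in (host, "ALL")
                or r_runas not in (runas, "ALL")
                or not path_match(r_cmd, command)):
            continue
        tag_names = re.findall(r"[A-Z_]+", tags)
        # Last matching rule wins; an explicit tag overrides the fallback.
        if "NOSETENV" in tag_names:
            verdict = False
        elif "SETENV" in tag_names:
            verdict = True
        else:
            verdict = fallback
    return verdict
```

On a live host, `sudo -l -U pete` lists the rules and tags sudo itself applies to that user, which is the authoritative check.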


