http://www.perlmonks.org?node_id=259643


in reply to Re: Dangerous diamonds!
in thread Dangerous diamonds!

Do you have an example? There is likely a better way of configuring things so that root doesn't have to do the task.

Scripts that clean up after users. System wide /tmp and per-user ~/tmp directories, for example. And scripts that md5sum some user files. Perhaps the smallish log rotator could be run as apache. Let's see, nope, Apache writes its logs as root.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

Re^3: Dangerous diamonds! (sudo)
by Aristotle (Chancellor) on May 21, 2003 at 14:57 UTC
    It is time to learn about sudo, then. Write short scripts that do exactly as much as whatever extended privileges (root or otherwise) are necessary for, and no more, and give exactly specified users the permission to execute them under another exactly specified account without being asked for a password. Your /etc/sudoers might grow somewhat, but the result is a completely controlled environment.

    Makeshifts last the longest.

Re: Re: Re: Dangerous diamonds!
by sauoq (Abbot) on May 21, 2003 at 17:06 UTC
    Scripts that clean up after users. System wide /tmp and per-user ~/tmp directories, for example.

    Make /tmp owned by 'sys' or create a system user for it. You can do the same for ~/tmp directories, just make them group writable by a system group... But really, users should be left to clean up after themselves. Institute quotas if they refuse to do so. Give them access to cron so they can automate cleanup if they like. This has an added benefit; since it is their ~/tmp directory, they should choose how old files should be before they are removed.

    And scripts that md5sum some user files.

    I'm sure there is an easy solution, but it's hard to say what it is without more information. Why are you doing it? Which user files? Do you really need a glob to describe them or do they have well-defined names? Is it a service to users that they can be given control of (like cleaning up their ~/tmp dirs?) Can the files in question be group readable?

    Perhaps the smallish log rotator could be run as apache. Let's see, nope, Apache writes its logs as root.

    Out of the numerous ways you can handle that one, I'll point out the easiest: make the logs directory writable only by root. You shouldn't have to do anything because that's the default anyway. Since someone would need root before creating a file with an evil filename in that directory, it would be pointless for them to do so.

    -sauoq
    "My two cents aren't worth a dime.";
    

      Do you really need a glob to describe them or do they have well-defined names?

      No. It's just laziness. I could opendir/readdir/closedir and use three-arg open. But I didn't, because I didn't know -p/-n used two-arg open.

      I'll point out the easiest: make the logs directory writable only by root.

      It already is, but one little bug in Apache could perhaps allow the names to be user-defined. After all, the logs are full of user input.

      Anyhow, it *all* boils down to laziness. I could set up ACLs, of course. It's a matter of convenience. Usually this works out just fine. Too bad this time Perl didn't DWIM.

      Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }
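The opendir/readdir plus three-arg open approach Juerd mentions, written out as an added example (not code posted in this thread). The temporary directory, the age threshold and the constructed filenames are assumptions; the point is that a name beginning with "|", "<" or ">" is handled as data because the open mode is explicit, whereas -n/-p with <> would pass it through two-arg open.

```perl
#!/usr/bin/perl
# Added example: list stale files in a tmp directory and read them for
# checksumming, without ever letting a filename reach two-arg open.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Files under $dir older than $max_age_days, found via readdir rather than
# a glob on @ARGV, so names are never interpreted by <> / two-arg open.
sub stale_files {
    my ($dir, $max_age_days) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @stale;
    for my $name (readdir $dh) {
        next if $name eq '.' or $name eq '..';
        my $path = File::Spec->catfile($dir, $name);
        next unless -f $path;                 # stat-based test, no open magic
        push @stale, $path if -M $path > $max_age_days;
    }
    closedir $dh;
    return @stale;
}

# Three-arg open: the mode '<' is explicit, so a leading "|", ">" or "<"
# in $path is just part of the filename, never a pipe or redirection.
sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed demo directory (assumption): one ordinary name and one
# that two-arg open would have treated as a pipe.
my $dir = tempdir(CLEANUP => 1);
for my $name ('normal.txt', '|not-a-pipe.txt') {
    open(my $fh, '>', File::Spec->catfile($dir, $name)) or die "create: $!";
    print $fh "payload\n";
    close $fh;
}
# Threshold of -1 days so the just-created files count as stale for the demo.
for my $path (stale_files($dir, -1)) {
    printf "%-40s %d bytes\n", $path, length slurp($path);
}
```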