[Dirvish] Dirvish, rsync and sudo

Ben Luey lueyb at jilau1.colorado.edu
Wed Jul 13 10:37:28 PDT 2005


I think it is great to have dirvish not running as root. That said, I think
the security advantage is greatly reduced with the below sudo line:

> 2) Add the following line into /etc/sudoers on both client and server
username  ALL= (root) NOPASSWD: /usr/bin/rsync

If someone got access to the system as the dirvish user, they could easily
overwrite /etc/shadow with a "sudo rsync" command and then they have root
access to the computer. I think you want to put a more restrictive

/usr/bin/rsync -$OPTIONS $FROM $TO

or whatnot into the sudoers file. My hack of getting dirvish to run as not
root (see previous post on "Dirvish and sudo") did this somewhat, although
I'm sure that sudo line could be locked down further.

Ben
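
An added example, not part of the original post or of Dirvish: a small audit that flags NOPASSWD sudoers rules like the one quoted above, where the command is listed with no argument list (sudo then accepts any arguments) or with wildcard arguments. The sample rules other than the quoted `username` line are constructed, and the parser is a simplification that does not resolve Cmnd_Alias names or included files.

```python
import re

# Constructed sample sudoers; the first rule is the one quoted in the post.
SAMPLE = """\
Defaults env_reset
username  ALL= (root) NOPASSWD: /usr/bin/rsync
backup    ALL= (root) NOPASSWD: /usr/bin/rsync -a *
operator  ALL= (root) NOPASSWD: /usr/bin/uptime ""
admin     ALL= (root) /usr/bin/rsync
"""

# Lines that are not user specifications (comments, includes, defaults, aliases).
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")
TAGS = re.compile(r"\s*((?:[A-Z_]+:\s*)+)")


def audit(text):
    """Return (user, command, reason) for loosely scoped NOPASSWD entries."""
    findings = []
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        user = lhs.split()[0]
        nopasswd = False  # a tag applies to later commands until overridden
        for cmd in re.split(r"(?<!\\),", rhs):
            cmd = re.sub(r"^\s*\([^)]*\)", "", cmd)  # drop the (runas) part
            m = TAGS.match(cmd)
            if m:
                for tag in re.findall(r"[A-Z_]+", m.group(1)):
                    if tag in ("NOPASSWD", "PASSWD"):
                        nopasswd = tag == "NOPASSWD"
                cmd = cmd[m.end():]
            parts = cmd.split()
            if not nopasswd or not parts:
                continue
            path, args = parts[0], parts[1:]
            if not args:
                # sudoers: a command listed without arguments accepts any arguments
                findings.append((user, path, "any arguments allowed"))
            elif any("*" in a or "?" in a for a in args):
                # wildcards in arguments match across spaces and slashes
                findings.append((user, path, "wildcard in arguments"))
    return findings


if __name__ == "__main__":
    for user, path, reason in audit(SAMPLE):
        print(f"{user}: {path}: {reason}")
```

The `operator` rule is not flagged because `""` in sudoers means the command may only be run with no arguments, and the `admin` rule is not flagged because it still requires a password.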





