Sudoedit will allow the user to escape to a root shell - solved

TrevorH
Forum Moderator
Posts: 27384
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Sudoedit will allow the user to escape to a root shell

Post by TrevorH » 2015/02/05 12:09:01

sudoedit is a command that is part of the sudo package. It works in the same way as sudo but doesn't need sudo to be run to invoke it. What it does is become root, copy the file to be edited elsewhere, drop root privileges back to the user, and edit the file as the user who invoked it; when they quit/write, it copies the file back to the original as root again. All editing is done as the user in question and root privileges are only used to copy the file to and back. If you run sudoedit /some/file and it doesn't allow you to run it when you believe that it should, then you have set up sudoers incorrectly.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

stevemowbray
Posts: 494
Joined: 2012/06/26 14:20:47

Re: Sudoedit will allow the user to escape to a root shell

Post by stevemowbray » 2015/02/05 12:10:44

sudoedit is equivalent to "sudo -e". I suggest you read the man page.

lorisalbanese
Posts: 10
Joined: 2013/03/22 16:13:38
Location: Italy

Re: Sudoedit will allow the user to escape to a root shell

Post by lorisalbanese » 2015/02/06 12:56:56

Here's the trick.

I'm sorry for the misunderstanding. This configuration is working correctly:


unprivuser ALL = sudoedit /etc/httpd/conf.d/ssl.conf

I missed the note:

" ** Note ** that if you specify the full path of sudoedit i.e. /usr/bin/sudoedit - you will need to run sudo sudoedit /etc/httpd/conf.d/ssl.conf, which means you can escape to the shell as root again. "

Thank you TrevorH, and many thanks also to Mark Flitter (RedHat community)

Loris
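
Added example, not part of the original thread or of the sudo project: a simplified sudoers check that flags rules naming sudoedit by path (the case the quoted note warns about) and accepts the bare sudoedit keyword form shown working above. Only the unprivuser rule comes from the thread; the other sample rules and the function names are constructed, and the parser assumes no escaped commas or '#' characters inside command arguments.

```python
import re

# Constructed sample; only the unprivuser/ssl.conf rule comes from the thread.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
unprivuser ALL = sudoedit /etc/httpd/conf.d/ssl.conf
webadmin ALL = (root) NOPASSWD: /usr/bin/sudoedit /etc/httpd/conf.d/ssl.conf
Cmnd_Alias EDITS = /usr/bin/systemctl reload httpd, \\
                   /bin/sudoedit /etc/hosts
"""

# Lines that never carry a command list.
SKIP = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")
# Optional "(runas)" spec and "TAG:" prefixes in front of a command.
PREFIX = re.compile(r"^\s*(\([^)]*\)\s*)?([A-Z_]+:\s*)*")


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None


def find_pathed_sudoedit(text):
    """Return [(line_no, command)] for rules that name sudoedit with a path."""
    hits = []
    for n, line in logical_lines(text):
        line = line.split("#", 1)[0].strip()  # simplified comment stripping
        if not line or line.startswith(SKIP) or "=" not in line:
            continue
        # Everything after the first '=' is a comma-separated command list.
        for spec in line.split("=", 1)[1].split(","):
            spec = PREFIX.sub("", spec).strip()
            cmd = spec.split()[0] if spec else ""
            if "/" in cmd and cmd.rsplit("/", 1)[1] == "sudoedit":
                hits.append((n, spec))
    return hits
```

Calling find_pathed_sudoedit() on the text of /etc/sudoers or a file under /etc/sudoers.d returns the line number and command of each rule to rewrite with the bare sudoedit keyword.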
