Is there a "recommended" way to set up access for privileged admin tasks with sudo?

In Dominick Grift's blog article
http://selinux-mac.blogspot.com/2009/06/selinux-lockdown-part-seven-su-ne...
the user assigned the webadm_r role gets sudo access with match "ALL", so in this example you trust SELinux solely to protect the system from unauthorized access. Is this the way you would normally do it on a production machine?

If you make the sudoers rules more specific for the actual commands the admin user needs to run, you will gain some initial lock-down from sudo, but at the expense of the sudoers file requiring significantly more maintenance.

Administrators generally like scripting to automate tasks, but by allowing a sub-admin to run a shell with uid=0 we are again left with only SELinux to prevent unauthorized access.

Is the general feeling that SELinux in, say, Fedora 12 is mature enough so that we can trust that it will protect the system from unauthorized access if we allow sub-administrators to run scripts as uid=0?

I see that support for capabilities on files has finally found its way into Fedora 12. Is that something that is being used to achieve some sort of middle ground between the two alternatives I listed above?

/Leif
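
The two alternatives in the message above, shown as an added example that is not part of the original post or of the linked blog: a small audit that reads sudoers user specs and reports whether sudo narrows access or SELinux is the only barrier. The users `webadmin1` to `webadmin3`, the command paths and `TYPE=webadm_t` are constructed assumptions; the parser handles only simple one-line specs without tags or alias expansion.

```python
import re

# Constructed sample rules, not taken from the post or the linked blog.
# Users "webadmin*" are hypothetical; TYPE=webadm_t is an assumed type for webadm_r.
SAMPLE_SUDOERS = """\
# alternative 1: match ALL, confinement left entirely to SELinux
webadmin1 ALL=(ALL) ROLE=webadm_r TYPE=webadm_t ALL
# alternative 2: explicit command list, sudo narrows access first
webadmin2 ALL=(root) ROLE=webadm_r TYPE=webadm_t /sbin/service httpd restart, /usr/sbin/apachectl configtest
# explicit list that still hands out a uid=0 shell
webadmin3 ALL=(root) ROLE=webadm_r TYPE=webadm_t /bin/bash, /sbin/service httpd reload
"""

SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/ksh", "/bin/zsh"}
SKIP = re.compile(r"^(#|Defaults|\w+_Alias\b)")
RULE = re.compile(r"^(\S+)\s+(\S+?)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
SELINUX = re.compile(r"\b(ROLE|TYPE)=(\S+)\s*")

def classify(line):
    """Parse one simple user spec; return None for anything else."""
    line = line.strip()
    m = None if SKIP.match(line) else RULE.match(line)
    if m is None:
        return None
    user, _host, _runas, rest = m.groups()
    ctx = {k.lower(): v for k, v in SELINUX.findall(rest)}
    cmds = [c.strip() for c in SELINUX.sub("", rest).split(",") if c.strip()]
    # ALL or an interactive shell means sudo itself filters nothing:
    # whatever the SELinux role permits is the whole boundary.
    unrestricted = any(c == "ALL" or c.split()[0] in SHELLS for c in cmds)
    return {"user": user, "role": ctx.get("role"), "type": ctx.get("type"),
            "commands": cmds, "unrestricted": unrestricted}

def audit(text):
    """Classify every user spec found in a sudoers text."""
    return [r for r in map(classify, text.splitlines()) if r]

if __name__ == "__main__":
    for r in audit(SAMPLE_SUDOERS):
        barrier = "SELinux only" if r["unrestricted"] else "sudo + SELinux"
        print(f'{r["user"]:10} role={r["role"]} barrier={barrier}')
```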