Timeline for Non-root user getting root access after running "sudo vi /etc/hosts"
Current License: CC BY-SA 3.0
17 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Mar 12, 2018 at 14:59 | comment | added | timuzhti |
User privilege limitations won't apply to programs launched with sudo, because once they're launched, they are root. Why is sudo apt allow to install software when user isn't? Why can sudo rm -rf /* allowed to remove files that the user definitely has no write permission for? Why does sudo vi launch what may as well be a root shell? Why does (a graphical extension of)-sudo xterm launch what is a root shell? Because the process launched by sudo runs as root.
|
|
| Mar 12, 2018 at 14:46 | comment | added | timuzhti |
@overexchange Because vi, as root, is allowed to do anything it wants, and the users that launch it are allowed to whisper sweet nothings to it through stdin. Now, while something like ls or dir, they will happily ignore any input and get on with the job, vi will do anything the user wants. Why does gksudo xterm allow a sudoer to launch /bin/sh as root? Because those are things that users can do with vi and xterm.
|
|
| Mar 12, 2018 at 13:52 | comment | added | overexchange |
@Alpha3031 OK. sudo -l -U user1 has entry (root) NOPASSWD: /bin/vi /etc/hosts, but not (root) NOPASSWD: /bin/bash. But, am able to say :sh command in sudo vi /etc/hosts that open a shell under whatever user spawned it. Why :sh command allow launching /bin/bash with root?
|
|
| Mar 11, 2018 at 22:52 | comment | added | anon |
@overexchange Because sudo command runs command as root. If that's the command bash, it starts a new terminal as root. If that's the command apt-get install emacs24, it runs apt-get with those arguments, and it runs it as root.
|
|
| Mar 11, 2018 at 14:58 | comment | added | timuzhti |
@overexchange apt does whatever software management and exits. The :sh command in vi opens a shell under whatever user spawned it. That's just what the commands do. You may as well ask why gksu xterm gives you a root terminal while gksu gedit doesn't.
|
|
| Mar 11, 2018 at 14:10 | comment | added | overexchange | @Alpha3031 I need temporary root access, yes. But, my question is, why sudo apt-get make me get root access, when I say whoami? Unlike sudo vi | |
| Mar 11, 2018 at 10:59 | comment | added | timuzhti |
@overexchange Root access is given to apt. Installing software via package management on Linux requires root. What apt does with its root access is up to it, usually it installs software. Similarly, vi can do whatever it does. A much simpler way of becoming root with sudo is sudo su. Sudo is designed to give users temporary, limited root access, so if that's not what you want, don't.
|
|
| Mar 11, 2018 at 4:13 | comment | added | overexchange |
@NicHartley Instead of sudo vi /etc/hosts, let us say, sudo apt-get install emacs24 then I do not get root access, I do not get root access. How do I understand this?
|
|
| Mar 10, 2018 at 18:26 | comment | added | Charles Duffy |
Who configured sudo vi to be allowed without understanding they were giving the user full root privileges?
|
|
| Mar 10, 2018 at 10:24 | history | edited | Gilles 'SO- stop being evil' |
edited tags
|
|
| Mar 10, 2018 at 10:24 | answer | added | Gilles 'SO- stop being evil' | timeline score: 16 | |
| Mar 10, 2018 at 4:15 | comment | added | anon |
If they have access to sudo, they don't even need to go through Vi, they can just directly do sudo bash and, poof, root. "sudo" means "super user do"; if people have access to that, they may as well be root, because they can do anything root can.
|
|
| Mar 10, 2018 at 2:53 | comment | added | Joshua | What am I missing that a non-root user has sudo vi access and you don't expect him to get root? It occurs to me that even if :sh didn't work getting root by opening vi or vi filename is easy. | |
| Mar 10, 2018 at 1:47 | history | edited | Jeff Schaller♦ | CC BY-SA 3.0 |
clarified title
|
| Mar 10, 2018 at 1:44 | answer | added | Jeff Schaller♦ | timeline score: 34 | |
| Mar 10, 2018 at 1:40 | comment | added | John1024 |
Non-root users have that privilege because root gave it to them in the sudoers configuration files. If you have users on your system that you don't trust with such access, edit the sudoers files. See man visudo and man sudoers for more info. (As for why some distributions provides such privileges as a default, I'll leave that to someone else to explain/defend.)
|
|
| Mar 10, 2018 at 1:32 | history | asked | overexchange | CC BY-SA 3.0 |