[openstack-dev] [tripleo] removing sudoers.d rules from disk-image-builder

Thierry Carrez thierry at openstack.org
Thu Jul 25 22:19:47 UTC 2013


Chris Jones wrote:
> I agree with your analysis of the effects of the sudoers file and I
> think it makes a great argument for recommending people run the main
> command itself with sudo, rather than a blanket passwordless sudo, but
> really all we need to say is "this tool needs to be run as root" and let
> people make their own decision :) 

Ideally the tool would detect if it's run with root privileges and
prompt for password if it's not. That way you have two options:
- run sudo TOOL (convenient, can run unattended)
- run TOOL and get prompted (less convenient, slightly more secure)

If the tool is run by a real user I don't think it's worth going through
the pain of using rootwrap, although it could be used to implement
smarter privilege escalation rules (like the PathFilter that looks into
canonical paths and is therefore not vulnerable to linking attacks).

-- 
Thierry Carrez (ttx)
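
The canonical-path check mentioned in the message above, as an added example that is not part of the original message and is not rootwrap's own code. The function names and the directory tree are hypothetical and constructed for the demonstration; it compares a check on the path as written with one on the resolved path.

```python
import os
import tempfile


def naive_allowed(candidate, allowed_dir):
    """Weak check: compares the path as written, never follows symlinks."""
    prefix = os.path.abspath(allowed_dir) + os.sep
    return os.path.abspath(candidate).startswith(prefix)


def path_allowed(candidate, allowed_dir):
    """Canonical check: resolve symlinks and '..' first, then compare."""
    real_dir = os.path.realpath(allowed_dir)
    real_candidate = os.path.realpath(candidate)
    return os.path.commonpath([real_dir, real_candidate]) == real_dir


def demo():
    """Run both checks over a constructed tree; returns (naive, canonical)."""
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "images")   # hypothetical allowed dir
        outside = os.path.join(root, "private")  # must stay out of reach
        os.makedirs(allowed)
        os.makedirs(outside)
        for path in (os.path.join(allowed, "disk.img"),
                     os.path.join(outside, "secret")):
            open(path, "w").close()
        # A link planted inside the allowed directory, pointing outside it.
        os.symlink(outside, os.path.join(allowed, "link"))
        cases = {
            "plain": os.path.join(allowed, "disk.img"),
            "via_link": os.path.join(allowed, "link", "secret"),
            "dotdot": os.path.join(allowed, "..", "private", "secret"),
        }
        return {name: (naive_allowed(p, allowed), path_allowed(p, allowed))
                for name, p in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The check is only valid at the moment it runs, so a privileged caller should hand the resolved path, not the original string, to whatever it executes next.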


