Menu
▾
▴
Re: [webmin-l] Webmin security issue
|
From: Waleed A. <w....@gm...> - 2017-04-23 21:16:47
|
>Sudo-capable users having full root access in Webmin is expected .. >because they can run any command as root when logging in via SSH, >there's no security risk to them having root access in Webmin as well. Thanks Jamie, But they do not login via SSH. We installed Webmin to allow them to use it instead of ssh. >The first question is WHY these users have sudo access in first place? We want them to manage some activities in the server (starting up, shutdown, some files in the /var/www dir ... etc). However, the risk is that they have a full access to the user's command history and they can view their proxy credential in the settings of the environment variables! Regards, On Sun, Apr 23, 2017 at 10:52 PM, Andrey Repin <anr...@ya...> wrote: > Greetings, Waleed Alsanie! > > > Unfortunately, users with sudo access can get the setting of the > environment > > variables of the other users through this unlimited access! > > The first question is WHY these users have sudo access in first place? > > > -- > With best regards, > Andrey Repin > Sunday, April 23, 2017 22:52:12 > > Sorry for my terrible english... > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > - > Forwarded by the Webmin mailing list at webadmin-list@lists. > sourceforge.net > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > |
