Tool for virtual networks

Casey Deccio casey at deccio.net
Sat Jul 30 15:04:37 UTC 2022


> On Jul 15, 2022, at 9:07 AM, Casey Deccio <casey at deccio.net> wrote:
> 
>> On Jul 15, 2022, at 8:25 AM, J. Hellenthal <jhellenthal at dataix.net> wrote:
>> 
>> For a quick cursory overview of this project, I would urge you to add an adendum or change the following line in the installation documentation...
>> 
>> "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
>> 
>> This is technically influencing bad behavior with sudo for those that are not aware of the security impacts of such decisions.
>> 
>> I'm not one to provide a negative remark usually without suggesting a result that provides a positive impact that can be built upon. So with that said and along the lines of that id suggest adjusting the documentation to contain something of the sorts of a guided only per user or separate group other than "%sudo"... maybe "%cougarnet" and add instructions for creating the group and adding users to that group.
>> 
>> Beyond that... nice project and thank you for your contribution to networking. This may be beyond the scope of just this one mailing list and wish you the best.
> 
> Thanks so much for the feedback. As noted, this is still a work-in-progress. Now that I'm mostly past the proof-of-concept phase of development, and one of my near-term to-do items is to improve least privilege in the code. 

For those that care, I've made some changes, such that this is all that is needed in /etc/sudoers

%cougarnet  ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper

https://github.com/cdeccio/cougarnet/pull/14

Cheers,
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220730/88db05c5/attachment.html>


More information about the NANOG mailing list