Tool for virtual networks
Casey Deccio
casey at deccio.net
Sat Jul 30 15:04:37 UTC 2022
> On Jul 15, 2022, at 9:07 AM, Casey Deccio <casey at deccio.net> wrote:
>
>> On Jul 15, 2022, at 8:25 AM, J. Hellenthal <jhellenthal at dataix.net> wrote:
>>
>> For a quick cursory overview of this project, I would urge you to add an addendum or change the following line in the installation documentation...
>>
>> "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
>>
>> This is technically influencing bad behavior with sudo for those that are not aware of the security impacts of such decisions.
>>
>> I'm not one to provide a negative remark usually without suggesting a result that provides a positive impact that can be built upon. So with that said and along the lines of that I'd suggest adjusting the documentation to contain something of the sorts of a guided only per user or separate group other than "%sudo"... maybe "%cougarnet" and add instructions for creating the group and adding users to that group.
>>
>> Beyond that... nice project and thank you for your contribution to networking. This may be beyond the scope of just this one mailing list and wish you the best.
>
> Thanks so much for the feedback. As noted, this is still a work-in-progress. Now that I'm mostly past the proof-of-concept phase of development, one of my near-term to-do items is to improve least privilege in the code.

For those that care, I've made some changes, such that this is all that is needed in /etc/sudoers:

%cougarnet ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper

https://github.com/cdeccio/cougarnet/pull/14

Cheers,
Casey
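
An added example, not part of the original thread or of the cougarnet project: a small sudoers audit that tells the blanket "%sudo ... NOPASSWD: ALL" rule apart from the command-scoped "%cougarnet" rule quoted above. The function name, verdict labels and sample file are constructed for illustration, and the parser assumes one rule per line with no aliases or line continuations.

```sh
#!/bin/sh
# audit_sudoers: read sudoers text on stdin, print "<verdict> <who> <commands>"
# for each user rule. Simplified parser (assumption): one rule per line, no
# aliases, no backslash continuations, a single runas/tag group per rule.
audit_sudoers() {
    awk '
    /^[ \t]*([#@]|$)/ { next }                      # comments, includes, blanks
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }    # settings and alias defs
    {
        who = $1
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)              # drop "who host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)           # drop "(runas)"
        tags = ""
        while (match(spec, /^[A-Z_]+:[ \t]*/)) {    # peel NOPASSWD:, SETENV:, ...
            tags = tags substr(spec, 1, RLENGTH)
            spec = substr(spec, RLENGTH + 1)
        }
        any = (spec ~ /(^|,)[ \t]*ALL[ \t]*(,|$)/)  # command list contains ALL
        nopw = (tags ~ /NOPASSWD:/)
        if (any && nopw)      verdict = "BROAD-NOPASSWD"
        else if (any)         verdict = "broad-password"
        else if (nopw)        verdict = "scoped-nopasswd"
        else                  verdict = "scoped-password"
        if (tags ~ /SETENV:/) verdict = verdict "+setenv"
        print verdict, who, spec
    }'
}

# Constructed sample: the two rules from this thread plus a stock root rule.
SAMPLE='# /etc/sudoers (constructed)
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
%cougarnet ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper'

printf '%s\n' "$SAMPLE" | audit_sudoers
```

The "+setenv" marker is reported because the SETENV tag lets members of the group pass their own environment variables to the helper, so the helper has to treat its environment as untrusted input.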