by sapphire_tomb 781 days ago
My last job was at a UK bank. All our *nix systems were configured with a specific whitelist of commands that could be run via sudo. We found this an enormous pain in the arse when the powers that be decided to deploy Ansible everywhere, and found that none of its "become" methods would work if sudo was set up like that.

I had a job once which had a sudo whitelist, but vi was included. !sh and you had root.
Classic case of #CorporateIT applying white paper "rules" and not understanding what they're doing. If I had a nickel...
Exactly, forms were filled in and boxes were checked off.
I also liked one where you could `sudo rpm -i`
Those environments could continue to use sudo. I'm sure Red Hat will support it until long after we're all dead.
Not even using "su" as become_method? Granted, it would require the root's password, so it's another tradeoff, but...
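
Added example, not part of any comment in this thread: a small audit that walks a sudoers command whitelist and flags entries for the two binaries the commenters name (`vi` and `rpm -i`), reporting whether the `NOEXEC` tag is in effect for each. The sample sudoers text, group names and the `audit` function are constructed for illustration, and the parser assumes aliases are defined before use and that commands contain no escaped commas.

```python
import os
import re

# Constructed sample sudoers fragment (not taken from the thread).
SAMPLE = """\
Cmnd_Alias OPS = /usr/bin/systemctl restart httpd, \\
                 /usr/bin/vi /etc/httpd/conf/httpd.conf
Cmnd_Alias PKG = /usr/bin/rpm -i *
%webadmins ALL = (root) OPS
%deploy    ALL = (root) NOPASSWD: PKG, /usr/bin/tail /var/log/messages
%editors   ALL = (root) NOEXEC: /usr/bin/vi /etc/motd
"""

# Binaries the thread names as defeating a whitelist; extend for your estate.
RISKY = {
    "vi": "editor can spawn a shell (the !sh case)",
    "rpm": "package install runs package-supplied scripts as root",
}

def audit(text):
    """Return (who, command, reason, noexec) for each risky whitelisted command."""
    text = re.sub(r"\\\n\s*", " ", text)            # join continuation lines
    aliases, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        if "=" not in line:
            continue
        who, spec = line.split("=", 1)
        spec = re.sub(r"^\s*\([^)]*\)\s*", "", spec)  # drop the (runas) part
        noexec = False                                # tags carry along the list
        for item in (c.strip() for c in spec.split(",")):
            m = re.match(r"(?:[A-Z_]+:\s*)+", item)
            if m:
                tags = re.findall(r"[A-Z_]+", m.group(0))
                noexec = "NOEXEC" in tags or (noexec and "EXEC" not in tags)
                item = item[m.end():]
            for cmd in aliases.get(item, [item]):     # expand Cmnd_Alias names
                words = cmd.split()
                if words and os.path.basename(words[0]) in RISKY:
                    findings.append((who.split()[0], cmd,
                                     RISKY[os.path.basename(words[0])], noexec))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
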