top | item 46806725

(no title)

I deal with some regulated things and some users who usually wouldnt be allowed to see/work on a thing are granted special access to do so, with extreme limitations. Recently i was approached asking if we could strip down the users desktops to no gui, no sudo, for use as a jumpbox. I explained why users need sudo to do what they need, and was asked about limiting sudo.

Its really tough to tell someone who is all about security (not linux security but regulatory security and such) that basically granting any bit of sudo access can lead to full access.

There is a way that this can be handled, but its honestly sort of an afterthought functionality. facls. You can delegate multiple owners/groups and permissions for things, and it can work well, but you have to deal with facls on multiple fronts, setting them for basically the entire system. facls are great, in theory, but they feel like such an afterthought that they are often ignored.

discuss

bloppe|1 month ago

You could provide decently meaningful and targeted sandboxing using mount namespaces and an overlay FS, while retaining sudo privileges for what you need to do.