Hello, On Sat, Jun 22, 2019 at 04:44:40PM -0700, Jimmy Johnson wrote: > Some one mentioned mounting drives, all that and what they need can be > configured.
Also note that anyone who can use "mount" as root can trivially become root. If countenancing allowing users to run "mount" as root I would make scripts that only mounted the exact things to the exact places, and then let them run those scripts as root. andy@debtest1:~$ su - bob Password: bob@debtest1:~$ whoami bob bob@debtest1:~$ sudo -i [sudo] password for bob: Sorry, user bob is not allowed to execute '/bin/bash' as root on debtest1.vps.bitfolk.com. bob@debtest1:~$ echo 'bob:$6$K6b1uzg.$pTNKJG/9hIgnhBL53Y2mr0rrsBBZE1xDWE0bO8E94dBlM.itel4/meJTZYL12IIOZ9ck/ 3P2/j5XGbyKcKxFK/:18070:0:99999:7:::' > myshadow bob@debtest1:~$ sudo mount --bind ./myshadow /etc/shadow bob@debtest1:~$ su - Password: root@debtest1:~# whoami root The password of that hash is "letmein1". So don't give anyone sudo access to /bin/mount unless you are okay with them being able to become root proper if they really want to. Cheers, Andy
