> On Jul 15, 2022, at 9:07 AM, Casey Deccio <ca...@deccio.net> wrote:
>
>> On Jul 15, 2022, at 8:25 AM, J. Hellenthal <jhellent...@dataix.net> wrote:
>>
>> For a quick cursory overview of this project, I would urge you to add an
>> addendum or change the following line in the installation documentation...
>>
>> "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
>>
>> This is technically influencing bad behavior with sudo for those that are
>> not aware of the security impacts of such decisions.
>>
>> I'm not one to provide a negative remark usually without suggesting a result
>> that provides a positive impact that can be built upon. So with that said
>> and along the lines of that I'd suggest adjusting the documentation to
>> contain something of the sorts of a guided only per user or separate group
>> other than "%sudo"... maybe "%cougarnet" and add instructions for creating
>> the group and adding users to that group.
>>
>> Beyond that... nice project and thank you for your contribution to
>> networking. This may be beyond the scope of just this one mailing list and
>> wish you the best.
>
> Thanks so much for the feedback. As noted, this is still a work-in-progress.
> Now that I'm mostly past the proof-of-concept phase of development, one
> of my near-term to-do items is to improve least privilege in the code.

For those that care, I've made some changes, such that this is all that is needed in /etc/sudoers:

%cougarnet ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper

https://github.com/cdeccio/cougarnet/pull/14

Cheers,
Casey
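
Added example, not part of the thread or of cougarnet's code: a small shell check that grades NOPASSWD rules in sudoers text, run here on the two rules quoted above. The function names are hypothetical, and only the NOPASSWD and SETENV tags that appear in this thread are handled.

```shell
#!/bin/sh
# Added example (hypothetical helper names): grade passwordless sudoers rules.

# classify_rule LINE prints one of:
#   unrestricted | restricted-setenv | restricted | review | other
classify_rule() {
    line=$1
    case $line in
        '#'*|'')    echo other; return 0 ;;   # comment or blank line
        *NOPASSWD*) ;;                        # only passwordless rules are graded
        *)          echo other; return 0 ;;
    esac
    # Drop everything up to the last tag; what remains is the command list.
    cmds=$(printf '%s\n' "$line" | sed -E 's/^.*(NOPASSWD|SETENV):[[:space:]]*//')
    verdict=restricted
    old_ifs=$IFS; IFS=','; set -f             # split on commas, no globbing
    for cmd in $cmds; do
        # Keep only the command word: trim leading blanks and any arguments.
        cmd=$(printf '%s\n' "$cmd" | sed -E 's/^[[:space:]]+//; s/[[:space:]].*$//')
        case $cmd in
            ALL) verdict=unrestricted ;;      # every command, no password
            /*)  ;;                           # fully qualified path
            *)   [ "$verdict" = unrestricted ] || verdict=review ;;  # alias, other tag
        esac
    done
    IFS=$old_ifs; set +f
    # SETENV lets the caller choose the environment the command runs with.
    case $verdict:$line in
        restricted:*NOSETENV:*) ;;
        restricted:*SETENV:*)   verdict=restricted-setenv ;;
    esac
    echo "$verdict"
}

# audit_sudoers reads sudoers text on stdin, prints "verdict<TAB>rule".
audit_sudoers() {
    while IFS= read -r l; do
        v=$(classify_rule "$l")
        [ "$v" = other ] || printf '%s\t%s\n' "$v" "$l"
    done
}

# Constructed sample input: the two rules quoted in the thread.
audit_sudoers <<'EOF'
# before and after the change discussed above
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
%cougarnet ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper
EOF
```

A restricted-setenv verdict means group members can pass environment variables of their choosing to the helper, so the helper has to treat its environment as untrusted input.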