
I have read on the internet that you have to use sudoedit instead of sudo vim. I understand why this is and should be used so you can't just edit root-user files.

However, I would like to manage a nologin user (a service account that runs a single application), let's call her 'nologinuser', with my own non-root account. For this I would need the correct rights in the sudoers file.

I have been in discussion with 2 Linux system managers and both disagree.

Linux admin A says: you should create a sudoedit rule for every config file and a sudo rule for every command.

Linux admin B says: Just create a sudo rule that allows you to read/write/execute everything as that user with "sudo -u nologinuser *"

Personally I agree with admin B because with "sudo -u nologinuser " you can execute every command as that user only, and through this command you also inherit that user's rights because you execute it as that user. This would also not cause a security issue in the ability of changing root-user files because nothing is done as root and it is most flexible.

Who is right, or is there a third better option? Who can tell me the best practice in this. What is the best way to manage a nologin application user as non-root?

Thank you.

1 Answer


  • Linux admin A's plan is a bit more restrictive, and forces you to think a bit about what commands and files require such access. The result will be a bunch of permitted commands and documentation that have configuration lines in your sudoers file. Those configuration lines are essentially documentation.
    • Advantages for this approach: The principle of least privilege would suggest that minimizing such permissions is better. Also, you have more detailed documentation, in the end. These things can be nicer, and considered beneficial for security.
  • Linux admin B's plan is simpler. If you're not afraid of the consequences of running "sudo -u nologinuser sh" then there may not be a bunch of security concerns to be afraid of.
    • Advantages for this approach: Simpler is easier to audit, and more easily understood. These things can be nicer, and considered beneficial for security.

The main significant drawback to Linux admin A's plan is that it will require more time/effort, particularly to set up. If you don't know the precise details, then you will need to figure out such details, which may take a little bit more time/effort, or a ridiculously infeasible amount of time/effort. You may decide that such costs are not worth the benefit.

In conclusion: Both perspectives have some merit. Which you value more will be up to whoever is in charge (which sounds like it may be you). In such cases, individual decisions in such scenarios are a key reason why trustable people are placed in the positions of making such decisions. (These types of scenarios may also be why the expert computer programmers in this world haven't yet managed to automate more of the design processes than they have.) So, you get to decide (and be prepared to take responsibility for whatever you are responsible over).

Since you asked about a third option, here's one: you use a custom web site that you log into over HTTPS, and then automation updates only the desired files, or run only the desired applications, rather than you manually needing to run "sudo" (or the sudoedit variation) at a command line. That can also be suitably secure, if done right.

As this question is about higher-end security, rather than what many common end users encounter on a daily basis, such questions may be more suited for ServerFault.com (or perhaps Information Security or ) rather than SuperUser.com. Although, since both perspectives do have merit, there isn't one that is absolutely completely right or wrong, which ends up making this be a bit more opinion-based, and not the best type of question for any of these sites.
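
The two plans from the question, written out as a sudoers drop-in. This is an added example, not part of the question or the answer above; the account name "alice", the /opt/app paths and the appctl command are hypothetical, only "nologinuser" comes from the page.

```sudoers
# /etc/sudoers.d/nologinuser
# Edit with: visudo -f /etc/sudoers.d/nologinuser  (syntax is checked on save)
# Constructed example: "alice", /opt/app/... and appctl are hypothetical names.

# ---- Admin B: one blanket rule -------------------------------------
# alice may run any command as nologinuser, and only as nologinuser.
# This includes "sudo -u nologinuser sh", so alice can do everything
# the service account can do. Nothing here grants root.
#alice ALL = (nologinuser) ALL

# ---- Admin A: one rule per config file and per command -------------
# sudoedit copies the file, runs the editor as alice, then writes the
# result back as nologinuser, so an editor shell escape stays in
# alice's own account instead of the service account.
Cmnd_Alias APP_EDIT = sudoedit /opt/app/etc/app.conf, \
                      sudoedit /opt/app/etc/logging.conf

# Arguments are part of the match: "appctl status" is allowed,
# "appctl" with any other argument is refused.
Cmnd_Alias APP_CMDS = /opt/app/bin/appctl status, \
                      /opt/app/bin/appctl reload

alice ALL = (nologinuser) APP_EDIT, APP_CMDS

# How alice uses the narrow rules:
#   sudoedit -u nologinuser /opt/app/etc/app.conf
#   sudo -u nologinuser /opt/app/bin/appctl reload
# How to review what either variant actually grants:
#   sudo -l -U alice
```

Only one of the two variants should be active at a time; with the blanket rule enabled, the per-file and per-command entries add no restriction.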
