2

(I asked the same question on https://superuser.com/ One person recommended me to use this website instead of super user. I hope this question is quite apporopriate here and I can get more detailed information.)

I learned about the way to prevent risks caused by these configurations:

user_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf

or

%group_name ALL=(ALL) /usr/bin/vim /etc/httpd/confs/httpd.conf

If I write these scripts in /etc/sudoers, serious damage to the server can happen. I have obtained one opinion which recommended I use vim -Z.

I googled vim -Z and found some facts. It is similar to (the same as?) rvim. However, vim -Z still allows us to use some commands. In order to prevent normal users from executing commands, we have to add several scripts in .vimrc.

To be honest, I do not understand fully what commands we cannot use in restricted mode. I found this website, but this only mentions vim although its title is rvim... http://linux.about.com/library/cmd/blcmdl1_rvim.htm

Could you tell me what settings are necessay to enable normal users to use sudo vim -Z (or sudo rvim) securely.

Community
  • 1
aob
  • 123
  • 4
  • Assuming it's only the sudoers file you want to edit, why not use [visudo](http://manpages.ubuntu.com/manpages/dapper/man8/visudo.8.html)? – S.L. Barth Jan 16 '15 at 09:28
  • No. It is wrong. I would like to allow other users to edit some files (excluding sudoers). – aob Jan 16 '15 at 16:34
  • 1
    The risks involved in such a command are more than they appear. It's true that you could reduce risks by using the `-Z` flag, so you won't be allowed to execute commands or create a shell inside `vim`, but there is still the risk that the user opens another file as root (like `:r /etc/passwd`), bypassing your initial filter. – NuTTyX Jan 16 '15 at 17:21
  • I understand I should not use sudo rivm... It seems too complicated. I appriciate your answer and avoid using sudo rvim. – aob Jan 17 '15 at 17:50

1 Answers1

3

Instead of running the vim in privileged mode and then mitigating vulnerabilities arised from it, what about just using correct file permissions? If plain UNIX permissions are not enough, you might want to use ACL.

Since users can do arbitrary file modifications in vim and they will not have to use sudo, I don't see any important security or comfort advantage of using sudo. (Except that users can be forced to re-enter the password.) On the other hand, permissions are just simple, user can choose its own editor with any settings (just for comfort, not for security) and it is clear there are not general pitfalls with permission escalations. (It, however, depends on files allowed ti edit.)

v6ak
  • 609
  • 5
  • 12
  • 2
    For an example of how this can be done with plain UNIX permissions, you could create a group for people who should be able to administer the server and set the conf file to be owned by that group. – cpast Jan 16 '15 at 17:57
  • Thank you. Making a new group seems the best way because I do not have to care about risks which rvim can cause. – aob Jan 17 '15 at 17:51