nanog mailing list archives

Re: Tool for virtual networks


From: Casey Deccio <casey () deccio net>
Date: Sat, 30 Jul 2022 09:04:37 -0600



On Jul 15, 2022, at 9:07 AM, Casey Deccio <casey () deccio net> wrote:

On Jul 15, 2022, at 8:25 AM, J. Hellenthal <jhellenthal () dataix net> wrote:

For a quick cursory overview of this project, I would urge you to add an addendum or change the following line in the 
installation documentation...

"%sudo ALL=(ALL:ALL) NOPASSWD: ALL"

This is technically influencing bad behavior with sudo for those that are not aware of the security impacts of such 
decisions.

I'm not one to provide a negative remark usually without suggesting a result that provides a positive impact that 
can be built upon. So with that said and along the lines of that I'd suggest adjusting the documentation to contain 
something of the sorts of a guided only per user or separate group other than "%sudo"... maybe "%cougarnet" and add 
instructions for creating the group and adding users to that group.

Beyond that... nice project and thank you for your contribution to networking. This may be beyond the scope of just 
this one mailing list and wish you the best.

Thanks so much for the feedback. As noted, this is still a work-in-progress. Now that I'm mostly past the 
proof-of-concept phase of development, one of my near-term to-do items is to improve least privilege in the code. 

For those that care, I've made some changes, such that this is all that is needed in /etc/sudoers

%cougarnet  ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper

https://github.com/cdeccio/cougarnet/pull/14

Cheers,
Casey
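
A check for the difference between the two sudoers lines in this thread, as an added example that is not part of the original messages or the cougarnet project. It assumes one rule per line with no aliases, includes or line continuations; the function names and the `alice` rule are constructed for illustration.

```shell
#!/bin/sh
# Classify sudoers rules read from stdin by what they grant without a password.
# Prints one line per rule: "<LEVEL> <who> <commands>"
#   BLANKET        NOPASSWD on ALL commands (the line the thread objects to)
#   SCOPED         NOPASSWD on named commands only
#   SCOPED+SETENV  as SCOPED, but the caller may also pass environment variables
#                  through, so the named helper must treat its environment as untrusted
#   PASSWORD       rule still requires authentication
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }   # not user rules (assumption: skipped)
    {
        eq = index($0, "=")
        if (eq == 0) next
        who = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)    # drop the (runas) part
        sub(/[ \t]+$/, "", spec)
        nopass = 0; setenv = 0
        while (match(spec, /^[ \t]*[A-Z]+:[ \t]*/)) {   # leading tags, e.g. NOPASSWD:
            tag = substr(spec, RSTART, RLENGTH)
            gsub(/[ \t:]/, "", tag)
            if (tag == "NOPASSWD") nopass = 1
            if (tag == "SETENV") setenv = 1
            spec = substr(spec, RLENGTH + 1)
        }
        level = "PASSWORD"
        if (nopass) {
            level = "SCOPED"
            n = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (cmds[i] == "ALL") level = "BLANKET"
            if (level == "SCOPED" && setenv) level = "SCOPED+SETENV"
        }
        printf "%s %s %s\n", level, who, spec
    }'
}

# Constructed sample: the two rules quoted in the thread plus one made-up rule.
sample_sudoers() {
    cat <<'EOF'
# constructed sample input
Defaults env_reset
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
%cougarnet  ALL=(ALL:ALL) NOPASSWD:SETENV: /usr/libexec/cougarnet/syscmd_helper
alice ALL=(ALL:ALL) /usr/bin/systemctl restart nginx
EOF
}

sample_sudoers | audit_sudoers
```

On a real system the edited file should still be validated with `visudo -c` before it is relied on.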
