-1

How can I protect my password list (in different databases, for example) in a UNIX environment where most of the users have sudo access to other user IDs?

I have a script (main.sh) with the following content in my $HOME:

$ cat main.sh

mysql --skip-column-names -hmysql_host -umy_user -pmy_password -ADmysql_db << EOF >> /home/my_user/mysql.log
select current_date;
EOF

When another user (another_user) tries sudo su - my_user, he/she is able to see my passwords for the MySQL database.

Even if I put the password in .bashrc and access it through some variable in my script, he/she will be able to see my password in the .bashrc file.

How can I protect my MySQL password from that user another_user?

dawud
  • 1
    Have a look at this to help improve your question http://meta.serverfault.com/questions/3608/how-can-i-ask-better-questions-on-server-fault – Drew Khoury Apr 27 '14 at 04:02

2 Answers

5

When you give someone sudo access you are implicitly trusting them. If you don't trust them then don't give them unrestricted sudo access or limit their access with a list of commands they are allowed to run.

user9517
  • Is it possible for me to restrict any file access in home directory? – ganesan0712 Apr 27 '14 at 06:20
  • 4
    If they have complete root access, whether via sudo or otherwise, then they can see everything. Even if you managed to protect your files, they could still run e.g. tcpdump and get the passwords that way. The moral here is that if you don't trust them, don't give them root. – Jenny D Apr 27 '14 at 06:31
4

Since everyone who has root also, by definition, has access to all files on the server - no, you can't. If you don't trust the people who have root, then you shouldn't run anything sensitive from that server.

You can still protect your MySQL server, though. You can use specific accounts for specific things, so that if you e.g. have a script that does a lookup, the account used for that can't also be used to delete things. You can allow access for an account only from one IP address, so that even if someone gets your password, they can still only use it from that one machine. Or you could set it up so that the script/cron job runs on the MySQL server instead, and have it connect to the other server to get the data it needs e.g. by using passwordless SSH keys.

You should be looking at these things even if you don't worry about the other sudo users - because even if you trust everyone with root on the server to not be malicious, you still cannot be certain that they won't make mistakes leading to the server being compromised, and you don't want any third party attacker to have unfettered access to your database.

Jenny D
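
The account scoping described in the answer above (a separate account per task, usable from one address only), as an added example that is not part of the original answers. It assumes MySQL 5.7 or later and a database administrator session; the account name report_ro, the address 192.0.2.10 and the password are placeholders, and mysql_db is the schema name from the question.

```sql
-- Added example. Assumes MySQL 5.7 or later, run by a database administrator.
-- 'report_ro', 192.0.2.10 and the password are placeholders, not values from the page.

-- One account per job, valid only when the client connects from one address.
CREATE USER 'report_ro'@'192.0.2.10'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD'
  REQUIRE SSL                      -- refuse unencrypted connections (the tcpdump concern)
  WITH MAX_USER_CONNECTIONS 2;     -- a leaked credential cannot open many sessions

-- Read-only on the one schema the script uses: no DELETE, DROP or GRANT OPTION.
GRANT SELECT ON mysql_db.* TO 'report_ro'@'192.0.2.10';

-- Check what the account can actually do.
SHOW GRANTS FOR 'report_ro'@'192.0.2.10';

-- Audit: accounts that accept connections from any host.
SELECT user, host
FROM mysql.user
WHERE host = '%';

-- Audit: accounts holding destructive or administrative global privileges.
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE privilege_type IN ('DELETE', 'DROP', 'FILE', 'SUPER')
ORDER BY grantee, privilege_type;
```

The password for such an account is still readable by anyone with root on the client machine; the scoping only limits what that password can be used for and from where.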