
Security: abdustartus/sudo-buddy


SECURITY.md

Security Model

sudo-buddy is designed using the principle of least privilege.

Instead of allowing full sudo access, only explicitly defined commands are permitted without a password.

This prevents privilege escalation while still enabling automation.


How It Works

The project installs a restricted sudoers configuration:

  • specific commands allowed
  • full command paths enforced
  • no wildcard usage
  • no shell access
  • no file system browsing

This ensures automation remains safe.


Allowed Commands

Package Management

/usr/bin/apt update
/usr/bin/apt upgrade -y
/usr/bin/apt autoremove -y
/usr/bin/apt clean

These commands allow safe system maintenance.


Service Restart

Only specific services are allowed:

/bin/systemctl restart docker
/bin/systemctl restart NetworkManager

This prevents restarting arbitrary system services.


Log Cleanup

Restricted journal cleanup:

/usr/bin/journalctl --vacuum-time=7d
/usr/bin/journalctl --vacuum-size=100M

No unrestricted journalctl access.


What Is NOT Allowed

The following are intentionally left out of the sudoers allow-list:

Shell Access

sudo bash
sudo sh
sudo zsh
sudo su

These would give full root access.


Editors

sudo vim
sudo nano
sudo vi

Editors allow modifying system files, and most of them can also spawn a shell.


Generic systemctl

sudo systemctl
sudo systemctl restart <anything>

Only the whitelisted services are allowed.


File System Access

sudo cp
sudo mv
sudo rm

These could modify system files.


Why This Is Safe

This project enforces:

  • exact command matching
  • full executable paths
  • no argument wildcards
  • limited service restart
  • restricted cleanup commands

Even if the scripts are modified, sudo still enforces these rules.
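An added example (not part of sudo-buddy) that audits a sudoers drop-in against exactly the rules listed above: absolute paths, no wildcards, no shells or editors, no bare systemctl, no cp/mv/rm, no ALL. The drop-in contents, the user name deploy, and the temporary file path are constructed for the demonstration.

```shell
#!/bin/sh
# Audit a sudoers drop-in against the rules stated above: absolute paths,
# no wildcards, no shells or editors, no bare systemctl, no ALL, no cp/mv/rm.
set -f   # no pathname expansion: a '*' in a sudoers rule must stay a literal '*'

# check_cmd_spec SPEC -> returns 0 if the command spec complies, else prints a reason and returns 1
check_cmd_spec() {
    set -- $1                       # word-split into binary and arguments (intended)
    [ $# -gt 0 ] || return 0        # empty spec (e.g. trailing comma): nothing to check
    bin=$1
    case "$bin" in
        ALL) echo "grants ALL commands"; return 1 ;;
        /*)  ;;
        *)   echo "relative path '$bin' (PATH hijacking)"; return 1 ;;
    esac
    case "$*" in *\**|*\?*) echo "wildcard in '$*'"; return 1 ;; esac
    case "${bin##*/}" in
        bash|sh|dash|zsh|su) echo "shell access via '$bin'"; return 1 ;;
        vi|vim|nano)         echo "editor access via '$bin'"; return 1 ;;
        cp|mv|rm)            echo "file system write via '$bin'"; return 1 ;;
        systemctl) [ $# -ge 3 ] || { echo "unrestricted systemctl '$*'"; return 1; } ;;
    esac
    return 0
}

# audit_sudoers FILE -> prints each violation, returns the number of violations (0 = clean)
audit_sudoers() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        case "$line" in *NOPASSWD:*) ;; *) continue ;; esac   # only passwordless rules matter here
        list=${line#*NOPASSWD:}
        old_ifs=$IFS; IFS=','; set -- $list; IFS=$old_ifs       # split the command list on commas
        for spec in "$@"; do
            spec=$(printf '%s' "$spec" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
            reason=$(check_cmd_spec "$spec") || { echo "VIOLATION: $reason"; bad=$((bad + 1)); }
        done
    done < "$1"
    return "$bad"
}

# Constructed sample drop-in: the first three rules mirror the allow-list above,
# the last two break its rules on purpose (wildcards, an editor, ALL).
SAMPLE=${TMPDIR:-/tmp}/sudo-buddy-audit-sample.$$
cat > "$SAMPLE" <<'EOF'
deploy ALL=(root) NOPASSWD: /usr/bin/apt update, /usr/bin/apt upgrade -y, /usr/bin/apt autoremove -y, /usr/bin/apt clean
deploy ALL=(root) NOPASSWD: /bin/systemctl restart docker, /bin/systemctl restart NetworkManager
deploy ALL=(root) NOPASSWD: /usr/bin/journalctl --vacuum-time=7d, /usr/bin/journalctl --vacuum-size=100M
deploy ALL=(root) NOPASSWD: /bin/systemctl restart *
deploy ALL=(root) NOPASSWD: /usr/bin/apt install *, /usr/bin/vim, ALL
EOF

audit_sudoers "$SAMPLE" || echo "$? violation(s) found"   # 4 with this sample
```

This checks the textual rules only; run `sudo visudo -c` as well, since only visudo validates the syntax sudo will actually parse.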


Audit Logging

All operations are logged to:

~/.local/logs/

Files:

  • update.log
  • cleanup.log

This allows reviewing executed commands.


Removing Access

To disable passwordless sudo:

sudo rm /etc/sudoers.d/apt-nopasswd

Changes take effect immediately.


Validate Configuration

Check sudoers syntax:

sudo visudo -c

Expected output for each sudoers file:

parsed OK

Best Practices

Recommended:

  • keep sudoers file minimal
  • allow only required commands
  • avoid wildcards
  • avoid shell access
  • audit logs periodically

Avoid:

  • ALL (any command) in the command list
  • full systemctl access
  • editor access
  • scripting inside sudoers

Threat Model

This setup protects against:

  • accidental privilege escalation
  • malicious script edits
  • PATH hijacking
  • unrestricted sudo usage

This does NOT protect against:

  • malicious root user
  • compromised user account
  • kernel-level attacks

Principle Used

This project follows:

Least Privilege Principle

Only required capabilities are granted.
