tcpdump -z
Marian Hettwer
mh at kernel32.de
Fri Aug 27 14:32:21 UTC 2010
On Fri, 27 Aug 2010 15:27:07 +0100, István <leccine at gmail.com> wrote:
> Well to be honest i don't see any case when i want to give sudo+tcpdump
> access to any user on my box. And those who are admins/roots anyway the "su
> -" just works perfectly and they can run tcpdump.
>
Well, that wasn't an answer to my question or the claim of Andy.
In fact, if you need to give access to some root-only binaries to a
normal user, sudo(8) is the way to go.
With "su -" you would allow full root-access, even though you might
just want to allow specific commands to an unprivileged user.
so. ehm. no!
In fact, I would suggest to disable root, so that su - doesn't work at
all.
./Marian
More information about the freebsd-security
mailing list