tcpdump -z
Marian Hettwer
mh at kernel32.de
Fri Aug 27 16:38:17 UTC 2010
On Fri, 27 Aug 2010 19:20:57 +0300, "Aldis Berjoza" <aldis at bsdroot.lv>
wrote:
> On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer <mh at kernel32.de> wrote:
>
>> On Fri, 27 Aug 2010 15:27:07 +0100, István <leccine at gmail.com> wrote:
>>
>>> Well to be honest i don't see any case when i want to give sudo+tcpdump
>>> access to any user on my box. And those who are admins/roots anyway the >> "su
>>> -" just works perfectly and they can run tcpdump.
>>>
>> Well, that wasn't an answer to my question or the claim of Andy.
>> In fact, if you need to give access to some root-only binaries to a
>> normal user, sudo(8) is the way to go.
>> With "su -" you would allow full root-access, even though you might
>> just want to allow specific commands to an unprivileged user.
>>
>> so. ehm. no!
>> In fact, I would suggest to disable root, so that su - doesn't work at
>> all.
>>
>> ./Marian
>
> Ye, and once sudo is broken (somehow, for whatever reason) you have
> lot's of fun (especially on servers) :D
Well, yeah, if it's up to me, I'd like to see sudo in BASE, as OpenBSD
does it :)
./Marian
More information about the freebsd-security
mailing list