tcpdump -z

István leccine at
Sat Aug 28 00:41:12 UTC 2010

i know this attitude from previous experience when sysadmins are afraid of
using root shell in general.using sudo is uncomfortable starting with this
simple example:

$ sudo cat /dev/null >/root/lol
bash: /root/lol: Permission denied

of course you can work around that but if you say this is efficient i think
you are mad :)

On Fri, Aug 27, 2010 at 3:32 PM, Marian Hettwer <mh at> wrote:

> On Fri, 27 Aug 2010 15:27:07 +0100, István <leccine at> wrote:
> > Well to be honest i don't see any case when i want to give sudo+tcpdump
> > access to any user on my box. And those who are admins/roots anyway the
> "su
> > -" just works perfectly and they can run tcpdump.
> >
> Well, that wasn't an answer to my question or the claim of Andy.
> In fact, if you need to give access to some root-only binaries to a
> normal user, sudo(8) is the way to go.
> With "su -" you would allow full root-access, even though you might
> just want to allow specific commands to an unprivileged user.
> so. ehm. no!
> In fact, I would suggest to disable root, so that su - doesn't work at
> all.
> ./Marian

the sun shines for all

More information about the freebsd-security mailing list