tcpdump -z
István
leccine at gmail.com
Sat Aug 28 00:41:12 UTC 2010
i know this attitude from previous experience when sysadmins are afraid of
using root shell in general.using sudo is uncomfortable starting with this
simple example:
$ sudo cat /dev/null >/root/lol
bash: /root/lol: Permission denied
of course you can work around that but if you say this is efficient i think
you are mad :)
On Fri, Aug 27, 2010 at 3:32 PM, Marian Hettwer <mh at kernel32.de> wrote:
> On Fri, 27 Aug 2010 15:27:07 +0100, István <leccine at gmail.com> wrote:
>
> > Well to be honest i don't see any case when i want to give sudo+tcpdump
> > access to any user on my box. And those who are admins/roots anyway the
> "su
> > -" just works perfectly and they can run tcpdump.
> >
> Well, that wasn't an answer to my question or the claim of Andy.
> In fact, if you need to give access to some root-only binaries to a
> normal user, sudo(8) is the way to go.
> With "su -" you would allow full root-access, even though you might
> just want to allow specific commands to an unprivileged user.
>
> so. ehm. no!
> In fact, I would suggest to disable root, so that su - doesn't work at
> all.
>
> ./Marian
>
>
--
the sun shines for all
http://l1xl1x.blogspot.com
More information about the freebsd-security
mailing list