You made your point, but since I don't like sudo nor have it installed I'll stick with the other solution :-) Thanks!
"immerrr again..." <[email protected]> wrote: (whoops, first message went out as a direct reply) On 10/25/2011 09:22 PM, Daniel Martí wrote: Wouldn't that be dangerous, to set sudo without any password prompt? The point is to enable that only for certain commands (or absolute paths, sudoers allows that, see the manual). Well, ofc, you need to make sure only read-execute permissions are set on the script. And after that, I think, it's equivalent to the earlier solution, i.e. it's rather safe unless someone has root permissions to chmod/change/overwrite the script. Binary files induce some more security by obscurity (you need to read & understand disassembly to understand what's happening), but one still can "cat" the necessary contents into setuid-enabled file if root account is compromised. -- Cheers, immerrr
