Raphael Geissert <[email protected]> writes: > Jonas Meurer wrote:
>> cryptdisks and cryptdisks-early initscripts both need to be started >> before any (non-root) filesystem is mounted. still, i added a check for >> /usr/bin/id in the initscripts in order to warn normal users that they >> need root privileges when they execute the initscript. > First of all I'm curious as to why you are adding that check. Only a > few, rare, init scripts do that. > I'm actually surprised that policy doesn't say a word about this. I > don't think there's any reason to introduce such a technical blockage > (that can be bypassed until the point where the special privileges are > actually needed.) > Russ, what do you think? (with your policy hat on :) I agree, and I see Jonas is already convinced. I'm not sure that the capabilities system is usable enough that anyone would do this right now, but it should be possible to grant a non-root user the capabilities to run particular init scripts and there may be some times when that's more useful than using sudo. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
