-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Michael Stone escreveu: :: On Wed, Mar 02, 2005 at 04:19:50PM -0300, Felipe :: Augusto van de Wiel (faw) wrote:
:::: I don't exactly, but, if you already allow your :::: users to use sudo/su solutions, why are you trying to :::: change it and... if you are planning to use any "non :::: encrypted" authentication protocol over the network, :::: your users will have access to things like "root pass".
:: Letting users run tcpdump with root privs opens a lot :: more vulnerabilities than letting them sniff without :: root privs. (E.g., with the sudo approach they can :: clobber or possibly read arbitrary files on the local :: system.) People tend to run around advocating sudo :: everywhere when in fact doing so is *a lot* more :: dangerous than a real least-privilege system.
Just to clarify, I was not advocating sudo, I was just trying to understand why he wants to change the sudo/su solution by something else. :)
- -- ////////// // Felipe Augusto van de Wiel (faw) <[EMAIL PROTECTED]> // GUD-PR / DUG-PR || http://www.debian-pr.org // GUD-BR / DUG-BR || http://www.debian-br.org // Debian Project || http://www.debian.org/ ////////// -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFCJwzuCjAO0JDlykYRAkSLAJ97GepmOXL6x1DTydLWf6nZVVLQLwCePUtH IOjrt7/gQ6wBcVJ3ju0dHxQ= =Ydw9 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
