Hi Abel the two first solutions are equivalent: if there is un exploit, it will inherit the UID 0 rights of the running process (ouch). The third solution doesnt grant any rights to any process, so I think it is the most convenient. ++ (and please avoid posting in HTML next time ;) )
-----Message d'origine----- De : Abel Martín [mailto:[EMAIL PROTECTED] Envoyé : mardi 3 octobre 2006 11:03 À : [email protected] Objet : Running files with elevated privileges: SUID or sudo? Hi list. I have to deploy wpasupplicant and wpagui debian packages on a large amount of computers with special predefined config files. wpa_gui has to be executed by unprivileged users. The problem is that wpa_gui needs to be run with elevated privileges to read WPA settings from a socket opened by wpa_supplicant. My question is, which approach do you find better: setting on wpa_gui SUID bit or allowing regular users to run it via sudo without password? Or do you think it is better creating a group, granting execution on wpa_gui for this group and adding users to this group? In any case and for the sake of time I would like to do this modifying the original packages involved or creating a configuration meta-package. Thanks!
