On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer <[email protected]> wrote:
On Fri, 27 Aug 2010 15:27:07 +0100, István <[email protected]> wrote:
Well to be honest i don't see any case when i want to give sudo+tcpdump
access to any user on my box. And those who are admins/roots anyway the
"su
-" just works perfectly and they can run tcpdump.
Well, that wasn't an answer to my question or the claim of Andy.
In fact, if you need to give access to some root-only binaries to a
normal user, sudo(8) is the way to go.
With "su -" you would allow full root-access, even though you might
just want to allow specific commands to an unprivileged user.
so. ehm. no!
In fact, I would suggest to disable root, so that su - doesn't work at
all.
./Marian
Ye, and once sudo is broken (somehow, for whatever reason) you have lot's
of fun (especially on servers) :D
--
Aldis Berjoza
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
