i know this attitude from previous experience when sysadmins are afraid of using root shell in general.using sudo is uncomfortable starting with this simple example:
$ sudo cat /dev/null >/root/lol bash: /root/lol: Permission denied of course you can work around that but if you say this is efficient i think you are mad :) On Fri, Aug 27, 2010 at 3:32 PM, Marian Hettwer <[email protected]> wrote: > On Fri, 27 Aug 2010 15:27:07 +0100, István <[email protected]> wrote: > > > Well to be honest i don't see any case when i want to give sudo+tcpdump > > access to any user on my box. And those who are admins/roots anyway the > "su > > -" just works perfectly and they can run tcpdump. > > > Well, that wasn't an answer to my question or the claim of Andy. > In fact, if you need to give access to some root-only binaries to a > normal user, sudo(8) is the way to go. > With "su -" you would allow full root-access, even though you might > just want to allow specific commands to an unprivileged user. > > so. ehm. no! > In fact, I would suggest to disable root, so that su - doesn't work at > all. > > ./Marian > > -- the sun shines for all http://l1xl1x.blogspot.com _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
