On 2013/05/16 18:01, Jiri B wrote: > On Thu, May 16, 2013 at 08:39:41PM +0100, Stuart Henderson wrote: > > On 2013/05/16 14:10, Jiri B wrote: > > > Is it wise to allow every user execute zzz? If apmd > > > is running this makes machine suspend, works even via > > > ssh. > > > > restricting the binary permissions is pointless. > > > > restricting the permissions on /var/run/apmdev on the other hand, > > would be a good idea....I wonder if someone already thought of that! :-) > > Ah, the group is 'wheel' on the socket. One normally doesn't > assign "other" users to wheel group. So I think it's ok, forget > my previous approach.
btw, the problem with your previous approach is that someone can just place their own copy of zzz on the system and run it.
