1 |
swift 05/08/03 08:13:40 |
2 |
|
3 |
Modified: xml/htdocs/doc/en sudo-guide.xml |
4 |
Log: |
5 |
No wrappers either, just do not grant sudo access to users you do not trust completely |
6 |
|
7 |
Revision Changes Path |
8 |
1.4 +9 -6 xml/htdocs/doc/en/sudo-guide.xml |
9 |
|
10 |
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.4&content-type=text/x-cvsweb-markup&cvsroot=gentoo |
11 |
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml?rev=1.4&content-type=text/plain&cvsroot=gentoo |
12 |
diff : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/sudo-guide.xml.diff?r1=1.3&r2=1.4&cvsroot=gentoo |
13 |
|
14 |
Index: sudo-guide.xml |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v |
17 |
retrieving revision 1.3 |
18 |
retrieving revision 1.4 |
19 |
diff -u -r1.3 -r1.4 |
20 |
--- sudo-guide.xml 2 Aug 2005 19:23:28 -0000 1.3 |
21 |
+++ sudo-guide.xml 3 Aug 2005 08:13:40 -0000 1.4 |
22 |
@@ -1,6 +1,6 @@ |
23 |
<?xml version='1.0' encoding="UTF-8"?> |
24 |
|
25 |
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.3 2005/08/02 19:23:28 swift Exp $ --> |
26 |
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/sudo-guide.xml,v 1.4 2005/08/03 08:13:40 swift Exp $ --> |
27 |
|
28 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
29 |
|
30 |
@@ -22,8 +22,8 @@ |
31 |
<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> |
32 |
<license/> |
33 |
|
34 |
-<version>1.1</version> |
35 |
-<date>2005-08-02</date> |
36 |
+<version>1.2</version> |
37 |
+<date>2005-08-03</date> |
38 |
|
39 |
<chapter> |
40 |
<title>About Sudo</title> |
41 |
@@ -130,11 +130,14 @@ |
42 |
application that can allow people to elevate privileges. For instance, allowing |
43 |
users to execute <c>emerge</c> as root can indeed grant them full root access |
44 |
to the system because <c>emerge</c> can be manipulated to change the live file |
45 |
-system in the user his advantage. Trust your users, or use a <e>wrapper</e> |
46 |
-instead: a script that limits the use of the application to a known set of |
47 |
-safe instructions. |
48 |
+system in the user his advantage. If you do not trust your <c>sudo</c> users, |
49 |
+don't grant them any rights. |
50 |
</p> |
51 |
|
52 |
+<!-- |
53 |
+ Wrappers are no real advantage here either, see #71750 |
54 |
+--> |
55 |
+ |
56 |
<p> |
57 |
The user name can also be substituted with a group name - in this case you |
58 |
should start the group name with a <c>%</c> sign. For instance, to allow any |
59 |
|
60 |
|
61 |
|
62 |
-- |
63 |
gentoo-doc-cvs@g.o mailing list |