1 |
Hmmm, this is interesting. |
2 |
|
3 |
So for example I would like to get rid of sudo and replace its behavior with |
4 |
su. How to: |
5 |
1. log all root commands (some clever "auditallow" rule?); |
6 |
2. do not need to know root password; |
7 |
|
8 |
|
9 |
Petre Rodan wrote: |
10 |
>> For example - I have to edit /etc/fstab. So I have two choices: |
11 |
>> $ newrole -r sysadm |
12 |
>> $ su - |
13 |
>> # vi /etc/fstab |
14 |
>> (or "$ su - -c 'vi /etc/fstab'") |
15 |
>> or |
16 |
>> $ newrole -r sysadm // or something else |
17 |
>> $ sudo vi /etc/fstab |
18 |
>> |
19 |
>> And the first choice is better from security point of view? |
20 |
> |
21 |
> IMHO, yes. |
22 |
|
23 |
|
24 |
-- |
25 |
Krzysztof Kozłowski |
26 |
http://www.kozik.net.pl |
27 |
|
28 |
|
29 |
-- |
30 |
gentoo-hardened@g.o mailing list |