gentoo-security@l.g.o

(Sorry, Mr. Aleksandrovich, and possibly other people, for the double
post. I wasn't paying attention, and gmail is being indecisive)

Well, call me precaffeinated if you must, but if you're only using it
locally, and also have root login, you can make it passwordless, so
that no one can use it to login, and only root can do a su emerge, but
it's a bit of a weird thing to do.
But as I recall, you can specify, in sudoers, the ability for
*specific* users to su to *specific* other users. So I don't see a
reason you couldn't make a 'sudo su emerge' work with a passwordless
emerge account.

It's a little moot, because you want them to only have temporary full
(read: root) access while emerging, and that's -never- going to be
secure, you might as well give them admin rights and get it over with,
rather than hacking funky effective-group running combined with sudo
or something odd like that.

(at uni we used to have test systems, for things like kernel module
development, that had a 'sudo su root' option. *waits for minds to
boggle* Yeah. I still don't get exactly why. I mean, assuming there's
a vague point to sudo su nonroot, there's basically none to sudo su
root. Perhaps in this case, where you could enable specific users to do
that, but on these systems anyone could, iirc...)

--Bart Alewijnse

--
gentoo-security@g.o mailing list