| 1 |
On 2017-05-11 11:15, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> 2. sudo, which frankly is a monumental PITA to maintain - it tends to |
| 4 |
> grow and bloat and the syntax isn't easy to parse in your mind. It |
| 5 |
> also doesn't let you give users access to a certain thing, |
| 6 |
|
| 7 |
If the thing is an object in the filesystem, old fashioned group |
| 8 |
permissions will suffice. |
| 9 |
|
| 10 |
> you have to come up with all the commands that do that, then figure |
| 11 |
> out a regex that matches what you want and nothing you don't want. A |
| 12 |
> real PITA |
| 13 |
|
| 14 |
You can always write a 10 line C program that does nothing but exec() |
| 15 |
the program you need (with full path of course) with the exact arguments |
| 16 |
you need. If some massaging of the args is needed it can be done in a |
| 17 |
script before you enter the suid danger zone. |
| 18 |
|
| 19 |
But yes, I agree sudo is a PITA. |
| 20 |
|
| 21 |
-- |
| 22 |
Please *no* private Cc: on mailing lists and newsgroups |
| 23 |
Personal signed mail: please _encrypt_ and sign |
| 24 |
Don't clear-text sign: |
| 25 |
http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html |
Archives