On 2017-05-11 11:15, Alan McKinnon wrote:

> 2. sudo, which frankly is a monumental PITA to maintain - it tends to
> grow and bloat and the syntax isn't easy to parse in your mind. It
> also doesn't let you give users access to a certain thing,

If the thing is an object in the filesystem, old fashioned group
permissions will suffice.

> you have to come up with all the commands that do that, then figure
> out a regex that matches what you want and nothing you don't want. A
> real PITA

You can always write a 10 line C program that does nothing but exec()
the program you need (with full path of course) with the exact arguments
you need. If some massaging of the args is needed it can be done in a
script before you enter the suid danger zone.

But yes, I agree sudo is a PITA.

--
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign:
http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html