| 1 |
Am 12.11.2011 02:02, schrieb Neil Bothwick: |
| 2 |
> On Sat, 12 Nov 2011 01:45:23 +0100, Florian Philipp wrote: |
| 3 |
> |
| 4 |
>>> What happens when there is that one thing they need to do that needs |
| 5 |
>>> root privileges? Do you give them the root password and let them do |
| 6 |
>>> what they want, or do you make that one operation available to them? |
| 7 |
> |
| 8 |
>> SETUID bit like /bin/ping or sudo itself? That being said, I'd also use |
| 9 |
>> sudo unless the usage is so frequent that the constant password typing |
| 10 |
>> becomes a pain. |
| 11 |
> |
| 12 |
> SETUID enables it for everyone, not just the user in question. |
| 13 |
> |
| 14 |
> You can set sudo to allow specified commands to be executed without a |
| 15 |
> password. |
| 16 |
> |
| 17 |
> |
| 18 |
|
| 19 |
Well, you can limit execution to a single group. Some quick results from |
| 20 |
`find`: |
| 21 |
|
| 22 |
-rws--x--- 1 root messagebus 318656 23. Okt 10:44 |
| 23 |
/usr/libexec/dbus-daemon-launch-helper |
| 24 |
-rws--x--- 1 root squid 22824 2. Nov 20:26 /usr/libexec/squid/ncsa_auth |
| 25 |
-rws--x--- 1 root squid 18720 2. Nov 20:26 /usr/libexec/squid/pam_auth |
| 26 |
|
| 27 |
Regards, |
| 28 |
Florian Philipp |
Archives