1 |
Am 12.11.2011 02:02, schrieb Neil Bothwick: |
2 |
> On Sat, 12 Nov 2011 01:45:23 +0100, Florian Philipp wrote: |
3 |
> |
4 |
>>> What happens when there is that one thing they need to do that needs |
5 |
>>> root privileges? Do you give them the root password and let them do |
6 |
>>> what they want, or do you make that one operation available to them? |
7 |
> |
8 |
>> SETUID bit like /bin/ping or sudo itself? That being said, I'd also use |
9 |
>> sudo unless the usage is so frequent that the constant password typing |
10 |
>> becomes a pain. |
11 |
> |
12 |
> SETUID enables it for everyone, not just the user in question. |
13 |
> |
14 |
> You can set sudo to allow specified commands to be executed without a |
15 |
> password. |
16 |
> |
17 |
> |
18 |
|
19 |
Well, you can limit execution to a single group. Some quick results from |
20 |
`find`: |
21 |
|
22 |
-rws--x--- 1 root messagebus 318656 23. Okt 10:44 |
23 |
/usr/libexec/dbus-daemon-launch-helper |
24 |
-rws--x--- 1 root squid 22824 2. Nov 20:26 /usr/libexec/squid/ncsa_auth |
25 |
-rws--x--- 1 root squid 18720 2. Nov 20:26 /usr/libexec/squid/pam_auth |
26 |
|
27 |
Regards, |
28 |
Florian Philipp |