Message-ID: <4DCFA872.9050208@telting.org>
Date: Sun, 15 May 2011 03:18:26 -0700
From: Chris Telting
To: Alejandro Imass
Cc: freebsd-questions@freebsd.org
References: <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org> <201105130932.32144.j.mckeown@ru.ac.za> <4DCD02EF.7050808@telting.org>
Subject: Re: Established method to enable suid scripts?

On 05/13/2011 14:34, Alejandro Imass wrote:
> On Fri, May 13, 2011 at 6:07 AM, Chris Telting wrote:
>> On 05/13/2011 01:32, krad wrote:
> [...]
>> me ask you.. is "sudo ping" acceptable? Please explain the logical reason
>> why not. It would be the preferred method if suid didn't exist and sudo was
>> part of the base system.
> The sudo versus suid theme is discussed ad nauseam in many lists and
> forums, as well as the C wrappers for doing stuff suid.
> IMHO, however, sudo can give you more granular control though
> paradoxically relies on suid itself.
> The question here is why make the whole freaking interpreter suid when
> you can granularly control the specific script.
> Anyway, I would personally use a wrapper or sudo.

I honestly tried when I posted the question to avoid the question of right or wrong. I simply have one opinion for my own need and preference and don't want to go into rigid detail and did not mean to reopen the issue. I simply wanted to know if anyone had a patch already or a flag that enabled it. It's similar to the phrase that if you have to ask you can't afford it, except in this case it means you can. I have a feeling someone somewhere did it.

If no one comes forward I will post a proper patch for review and maintain documentation of the pitfalls to the extent I can and that others forward to me.

I have no desire to change FreeBSD's standard practice. I leave that to the steering committee of each and every distribution of Unix-like systems. I am simply grateful to be able to make my development systems work the way I want them to because I want them to. It's a question of complete philosophy to me as to the base Unix permissions system. I simply know what appeals most to me the way that I use systems. We all love FreeBSD because it means choice.

I apologize to anyone that thinks I reopened a can of worms and wasted time; it was not my goal.