Date: Fri, 27 Aug 2010 17:38:14 +0100 From: Marian Hettwer <mh@kernel32.de> To: Aldis Berjoza <aldis@bsdroot.lv> Cc: Andy Kosela <akosela@andykosela.com>, Pieter, vadim_nuclight@mail.ru, freebsd-security@freebsd.org, de Boer <pieter@thelostparadise.com>, =?UTF-8?Q?Istv=C3=A1n?= <leccine@gmail.com> Subject: Re: tcpdump -z Message-ID: <2d1a9e69fe9c17161df35fd248a40882@localhost> In-Reply-To: <op.vh3uc7w5mezb8j@dekstop.pc> References: <slrni7eu1h.21lb.vadim_nuclight@kernblitz.nuclight.avtf.net> <4C77A267.10102@thelostparadise.com> <AANLkTim1frPvChMJfDLnHe6LW3HnR=AWeYcCsf-tx3V-@mail.gmail.com> <5d88fc9506514cabc7390e66a1f9872f@localhost> <AANLkTikgbBzUmd0fBaGfQQqR_SFXA82yhBk0WAffX-Si@mail.gmail.com> <b9de3a5a374944a6b6d3ad8605bab663@localhost> <op.vh3uc7w5mezb8j@dekstop.pc>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 27 Aug 2010 19:20:57 +0300, "Aldis Berjoza" <aldis@bsdroot.lv> wrote: > On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer <mh@kernel32.de> wrote: > >> On Fri, 27 Aug 2010 15:27:07 +0100, István <leccine@gmail.com> wrote: >> >>> Well to be honest i don't see any case when i want to give sudo+tcpdump >>> access to any user on my box. And those who are admins/roots anyway the >> "su >>> -" just works perfectly and they can run tcpdump. >>> >> Well, that wasn't an answer to my question or the claim of Andy. >> In fact, if you need to give access to some root-only binaries to a >> normal user, sudo(8) is the way to go. >> With "su -" you would allow full root-access, even though you might >> just want to allow specific commands to an unprivileged user. >> >> so. ehm. no! >> In fact, I would suggest to disable root, so that su - doesn't work at >> all. >> >> ./Marian > > Ye, and once sudo is broken (somehow, for whatever reason) you have > lot's of fun (especially on servers) :D Well, yeah, if it's up to me, I'd like to see sudo in BASE, as OpenBSD does it :) ./Marian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2d1a9e69fe9c17161df35fd248a40882>