Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 28 Aug 2010 01:41:10 +0100
From:      =?UTF-8?Q?Istv=C3=A1n?= <leccine@gmail.com>
To:        Marian Hettwer <mh@kernel32.de>
Cc:        vadim_nuclight <vadim_nuclight@mail.ru>, freebsd-security <freebsd-security@freebsd.org>, Andy Kosela <akosela@andykosela.com>, Pieter de Boer <pieter@thelostparadise.com>
Subject:   Re: tcpdump -z
Message-ID:  <AANLkTi=HajtqP3_TGGXq%2BY6wTxJ%2BReATtkiHAr1XewJ2@mail.gmail.com>
In-Reply-To: <b9de3a5a374944a6b6d3ad8605bab663@localhost>
References:  <slrni7eu1h.21lb.vadim_nuclight@kernblitz.nuclight.avtf.net> <4C77A267.10102@thelostparadise.com> <AANLkTim1frPvChMJfDLnHe6LW3HnR=AWeYcCsf-tx3V-@mail.gmail.com> <5d88fc9506514cabc7390e66a1f9872f@localhost> <AANLkTikgbBzUmd0fBaGfQQqR_SFXA82yhBk0WAffX-Si@mail.gmail.com> <b9de3a5a374944a6b6d3ad8605bab663@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help 
i know this attitude from previous experience when sysadmins are afraid of
using root shell in general.using sudo is uncomfortable starting with this
simple example:

$ sudo cat /dev/null >/root/lol
bash: /root/lol: Permission denied

of course you can work around that but if you say this is efficient i think
you are mad :)



On Fri, Aug 27, 2010 at 3:32 PM, Marian Hettwer <mh@kernel32.de> wrote:

> On Fri, 27 Aug 2010 15:27:07 +0100, Istv=C3=A1n <leccine@gmail.com> wrote=
:
>
> > Well to be honest i don't see any case when i want to give sudo+tcpdump
> > access to any user on my box. And those who are admins/roots anyway the
> "su
> > -" just works perfectly and they can run tcpdump.
> >
> Well, that wasn't an answer to my question or the claim of Andy.
> In fact, if you need to give access to some root-only binaries to a
> normal user, sudo(8) is the way to go.
> With "su -" you would allow full root-access, even though you might
> just want to allow specific commands to an unprivileged user.
>
> so. ehm. no!
> In fact, I would suggest to disable root, so that su - doesn't work at
> all.
>
> ./Marian
>
>


--=20
the sun shines for all

http://l1xl1x.blogspot.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=HajtqP3_TGGXq%2BY6wTxJ%2BReATtkiHAr1XewJ2>