From: krad
To: Chris Telting
Cc: freebsd-questions@freebsd.org
Date: Fri, 13 May 2011 13:41:06 +0100
Subject: Re: Established method to enable suid scripts?

On 13 May 2011 11:07, Chris Telting wrote:

> On 05/13/2011 01:32, krad wrote:
>
>> what I can't understand is the complete aversion to sudo. Could you shed
>> any light on why you are trying to avoid a tried and tested method.
>>
>
> That I freely admit is for no rational reason. It's just annoying. But let
> me ask you.. is "sudo ping" acceptable? Please explain the logical reason
> why not. It would be the preferred method if suid didn't exist and sudo was
> part of the base system.
>
> Happy Friday.

Without knowing your security policy it's difficult to say. However, from an ad hoc point of view I don't see why not, assuming what you are doing with it needs root privilege. It's also far less risky than giving a user access to a box. Again, without knowing your security policy, I don't see why sudo coming from ports vs base system is really relevant. As long as said port is audited to the same level or higher than the base system I don't see any problem.