Date: Fri, 13 May 2011 13:41:06 +0100 From: krad <kraduk@gmail.com> To: Chris Telting <christopher-ml@telting.org> Cc: freebsd-questions@freebsd.org Subject: Re: Established method to enable suid scripts? Message-ID: <BANLkTim3R32xqssN%2BFPf20ACffSzKJqMKQ@mail.gmail.com> In-Reply-To: <4DCD02EF.7050808@telting.org> References: <4DC9DE2C.6070605@telting.org> <201105121657.57647.j.mckeown@ru.ac.za> <4DCBFC39.8060900@telting.org> <201105130932.32144.j.mckeown@ru.ac.za> <BANLkTin4rkQouSiOy4M1uu%2BqXSWJzF_STA@mail.gmail.com> <4DCD02EF.7050808@telting.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13 May 2011 11:07, Chris Telting <christopher-ml@telting.org> wrote: > On 05/13/2011 01:32, krad wrote: > >> what i cant understand is the complete aversion to sudo. Could you shed >> any light on why you are trying to avoid a tried and tested method. >> > > That I freely admit is for no rational reason. It's just annoying. But let > me ask you.. is "sudo ping" acceptable? Please explain the logical reason > why not. It would be the preferred method if suid didn't exist and sudo was > part of the base system. > > Happy Friday. > > Without knowing your security policy its difficult to say. However from an adhoc point of view I dont see why not assuming what you are doing with it needs root privilege. Its also far less risky than giving a user access to a box. Again without knowing your security policy, i dont see why sudo coming from ports vs base system is really relevant. As long as said port is audited to the same level or higher than the base system i dont see any problem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BANLkTim3R32xqssN%2BFPf20ACffSzKJqMKQ>