Date: Sun, 8 Aug 1999 20:47:19 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: John Baldwin <jobaldwi@vt.edu> Cc: Anthony Kimball <alk@pobox.com>, freebsd-security@FreeBSD.ORG Subject: Re: group bits Message-ID: <199908090047.UAA17328@khavrinen.lcs.mit.edu> In-Reply-To: <199908090034.UAA15145@smtp3.erols.com> References: <14250.25026.756025.612481@avalon.east> <199908090034.UAA15145@smtp3.erols.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 08 Aug 1999 20:34:01 -0400 (EDT), John Baldwin <jobaldwi@vt.edu> said: [Lines reformatted. Next time, please fill your lines to 72 characters or less.] > *Bzzzt* wrong! Sudo lets you specify which user a user can run a > command as. You could create a sudo user pppuser, for instance, and > have the people in the pppgroup group be able to run commands as > pppuser. Then they are not running commands as root. Read the man > page next time. Which has nothing whatsoever to do with Anthony Kimball's stated desire, which was to allow members of his sysadmin group to edit PPP configuration files *within their existing editor sessions* and without needing to unnecessarily gain additional privilege. The standard UNIX privilege model was working just fine, until the PPP program decided to substitute its judgment for that of the sysadmin. Fascist file permission policies often annoy as much as they help, particularly in large installations with multiple technically competent sysadmins. (Yes, we really do want /etc/aliases to be world-writable! The only reason anyone has an account on the machine is to edit /etc/aliases!) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908090047.UAA17328>