delgarde at ihug.co.nz
Thu Oct 18 03:07:49 PDT 2001
On Thursday 18 October 2001 04:34, Fabio Fracassi wrote:
> When dealing with security sensitive things one should always be very
> careful. Your examples above sound like very sloopy administration.
It does rather, doesn't it? Handy from a certain point of view though... if
used with care, it lets me fix some of the small problems that would
otherwise require getting help from the admins - killing some runaway
processes, correcting incorrect file ownership and permissions. The latter
has been quite common, owing to some mixed up umask settings on one of the
sudo-run scripts - it's not so helpful, having our output files owned
root, permissions 600.
> If you are not sure wether a program allows more then you intend it to,
> write a wrapper script (write protectet of course), that enforces your
One more recent script does that - the path to it is hardcoded in to
/etc/sudoers, rather than using $PATH. It's essentially a switcher, which
makes sure it's running as root (sudoing itself if needbe) then choosing the
appropriate scripts to run. It's not perfect, but it's an improvement.
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-support' in the subject header of the message
More information about the blfs-support