Re: tcpdump -z
- From: Marian Hettwer <mh@xxxxxxxxxxx>
- Date: Fri, 27 Aug 2010 17:38:14 +0100
On Fri, 27 Aug 2010 19:20:57 +0300, "Aldis Berjoza" <aldis@xxxxxxxxxx>
wrote:
On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer <mh@xxxxxxxxxxx> wrote:
On Fri, 27 Aug 2010 15:27:07 +0100, István <leccine@xxxxxxxxx> wrote:
Well to be honest i don't see any case when i want to give sudo+tcpdumpWell, that wasn't an answer to my question or the claim of Andy.
access to any user on my box. And those who are admins/roots anyway the >> "su
-" just works perfectly and they can run tcpdump.
In fact, if you need to give access to some root-only binaries to a
normal user, sudo(8) is the way to go.
With "su -" you would allow full root-access, even though you might
just want to allow specific commands to an unprivileged user.
so. ehm. no!
In fact, I would suggest to disable root, so that su - doesn't work at
all.
./Marian
Ye, and once sudo is broken (somehow, for whatever reason) you have
lot's of fun (especially on servers) :D
Well, yeah, if it's up to me, I'd like to see sudo in BASE, as OpenBSD
does it :)
./Marian
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- References:
- tcpdump -z
- From: Vadim Goncharov
- Re: tcpdump -z
- From: Pieter de Boer
- Re: tcpdump -z
- From: Andy Kosela
- Re: tcpdump -z
- From: Marian Hettwer
- Re: tcpdump -z
- From: István
- Re: tcpdump -z
- From: Marian Hettwer
- Re: tcpdump -z
- From: Aldis Berjoza
- tcpdump -z
- Prev by Date: Re: tcpdump -z
- Next by Date: Re: tcpdump -z
- Previous by thread: Re: tcpdump -z
- Next by thread: Re: tcpdump -z
- Index(es):
Relevant Pages
|
