Re: tcpdump -z

看板FB_security作者時間15年前 (2010/08/28 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串11/13 (看更多)
On Fri, 27 Aug 2010 17:32:18 +0300, Marian Hettwer <mh@kernel32.de> wrot= e: > On Fri, 27 Aug 2010 15:27:07 +0100, Istv=C3=A1n <leccine@gmail.com> wr= ote: > >> Well to be honest i don't see any case when i want to give sudo+tcpdu= mp >> access to any user on my box. And those who are admins/roots anyway t= he = >> "su >> -" just works perfectly and they can run tcpdump. >> > Well, that wasn't an answer to my question or the claim of Andy. > In fact, if you need to give access to some root-only binaries to a > normal user, sudo(8) is the way to go. > With "su -" you would allow full root-access, even though you might > just want to allow specific commands to an unprivileged user. > > so. ehm. no! > In fact, I would suggest to disable root, so that su - doesn't work at= > all. > > ./Marian Ye, and once sudo is broken (somehow, for whatever reason) you have lot'= s = of fun (especially on servers) :D -- = Aldis Berjoza _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 aldis. 的文章
文章代碼(AID): #1CT_rcOb (FB_security)
更多 aldis. 的文章
文章代碼(AID): #1CT_rcOb (FB_security)