Andrew Libby on Thu, 3 Jun 1999 11:42:45 -0400 (EDT)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [Plug] PPP problems with Debian


On Thu, Jun 03, 1999 at 11:03:47AM -0400, Michael wrote:
> >>  My reply to Chris Fearnley's mail was: 
> > On Thu, Jun 03, 1999 at 08:33:09AM -0400, Andrew Libby wrote:
> > > Consider:
> > > 
> > > Under redhat, I use sudo for ppp.  I have my unprivliged uid able
> > > to execute any command as root, and then I have menu items in 
> > > fvwm which basicly run a custom ppp script (shell script) as root. 
> > > It has been working well for about a year now.
> > 
> > That will work just fine.  But it violates the principle of least
> > privilege.  Using groups and not running commands as root if at all
> > possible is better policy, IMHO.
> > 
> 
> I'm going to have to disagree here.  sudo is a great way of
> delegating root without having 50 suid binaries lying all
> over the place.  sudo gracefully  addresses the limitations of the UNIX
> permission model .  Of course the unpriv.  uid shouldn't be able
> to run *any* command as root, just what is required for ppp.
> 
> 
> $0.02,
> 
> 

I was sitting here thinking of a good response, but Mike, you 
took care of it for me.

I have to admit, in the comfort of my own home, sudo is used
quite promiscuously.  When used on a multi user system, however, 
it can be configured is more granularity then I'd ever want to imagine.

Thanks Mike

Andy

_______________________________________________
Plug maillist  -  Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug