[ale] Linux Distributions
Jason Day
jasonday at worldnet.att.net
Wed May 18 10:54:31 EDT 2005
On Wed, May 18, 2005 at 01:06:31AM -0400, Jim Popovitch wrote:
> burn dvds
> use /dev/ttySO
> mount additional tmp space
> add users (a friend might need temp access)
> config iptables/network/tunnels
> load/unload usb/vmware/vpn modules
> bring up a VPN
>
> All of the above CAN be done by a user through a 1000 hoops and loops,
> but in my opinion the risk is greater in the 1000 config/sudo/setuid
> changes than to just know what you are doing and run as root. YMMV.
The first two items are trivial to setup, just add the user to the
appropriate group. The others, IMHO, should be run as root. Mounting
additional tmp space, adding users, configuring firewalls and loading
kernel modules all count as privileged operations in my book. But just
because you need to become root temporarily to perform some operation is
no excuse for running as root all the time. It really is not hard to
su, perform the operation, then exit.
Jason
--
Jason Day jasonday at
http://jasonday.home.att.net worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
More information about the Ale
mailing list