On Thu, Mar 31, 2005 at 06:16:46AM +1000, [EMAIL PROTECTED] wrote:
> Group staff is an anachronism: its ownership of /home is "wrong". Its use
> and usefulness should be reviewed.

An anachronism? What paradigm shift made it "wrong"?

> Group staff is said to be useful "for helpdesk types or junior sysadmins",
> without warnings that it is in fact root-equivalent.

Who said that?

sg staff -c make install
and 
su root -c make install

are very different security-wise. For one thing, the first will fail if we
mistakenly try to install in /usr instead of /usr/local.

> Use of root-equivalent users and groups may enlarge the attack surface.

There are a lot of them, though.

> If commonly used software allows breaching some security features, then
> the features need to be changed.

No security-conscious person uses NFS in a security-sensitive context
anyway.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 

