Am 12.11.2011 02:02, schrieb Neil Bothwick: > On Sat, 12 Nov 2011 01:45:23 +0100, Florian Philipp wrote: > >>> What happens when there is that one thing they need to do that needs >>> root privileges? Do you give them the root password and let them do >>> what they want, or do you make that one operation available to them? > >> SETUID bit like /bin/ping or sudo itself? That being said, I'd also use >> sudo unless the usage is so frequent that the constant password typing >> becomes a pain. > > SETUID enables it for everyone, not just the user in question. > > You can set sudo to allow specified commands to be executed without a > password. > >
Well, you can limit execution to a single group. Some quick results from `find`: -rws--x--- 1 root messagebus 318656 23. Okt 10:44 /usr/libexec/dbus-daemon-launch-helper -rws--x--- 1 root squid 22824 2. Nov 20:26 /usr/libexec/squid/ncsa_auth -rws--x--- 1 root squid 18720 2. Nov 20:26 /usr/libexec/squid/pam_auth Regards, Florian Philipp
signature.asc
Description: OpenPGP digital signature
