Le mar. 10 déc. 2019 à 16:52, Adam Thompson <athom...@athompso.net> a écrit : > > Is there a way to placate security(8) that I'm just not seeing? Or is > my goal fundamentally misguided for some reason I'm not seeing? The > user in this case is semi-trusted (e.g. yes, we'll let you login using > an unprivileged account to run bgpctl in pipelines) but not > organizationally-trusted (i.e. but that's ALL we want you to do on this > system).
If bgpctl is the only thing you want, have a look at bgplgsh(8). It doesn't do everything bgpctl does (only show/ping/traceroute), but it might be sufficient for your needs.
