On Thu, 17 Feb 2011 19:44:20 +0000, Katie T wrote: > Running any kind of script sudo'd is a bad idea, it's very very hard (in > many cases impossible) to do securely. Root permissions in general > should only be used for what they're needed for and nothing else (that > means getting the permission, doing the stuff that needs to be done as > root, and then returning back to normal privs), anything else is just > asking for trouble.
I agree with your general point, but the specific point to avoid running scripts with sudo? Are you sure you're not conflating sudo with setuid? By my reading, sudo is far preferred over running scripts setuid root. Linux, for example, simply will not run scripts setuid root because of the security risk, while running things using sudo is considered best practice, and much preferred over logging in as root. The idea of sudo is to do exactly what you say: doing the stuff needed as root with elevated permission, then returning to normal. -- Steven -- http://mail.python.org/mailman/listinfo/python-list
