2009/8/27 Henrik Hodne dvyjones@cluenet.org:
On 27. aug. 2009, at 10.14, Leszek Krupinski leafnode@gmail.com wrote:
On Thu, Aug 27, 2009 at 10:06 AM, Henrik Hodnedvyjones@cluenet.org wrote:
Out of interest, how would these limited rights be implemented?
I would guess that the easiest way would be some kind of daemon running as root.
Daemon? Why not just sudo?
Doh! I keep forgetting you can limit privileges with sudo.
Henrik
Toolserver-l mailing list (Toolserver-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/toolserver-l Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
Bear in mind that most programs can be exploited as root, to gain full root. Might I remind you of what happened with mount (for those of you who don't know, a bunch of people from the not-for-profit organisation me and Henrik volunteer for, abused access to mount, to take a whole server, by making their own filesystems with setuid binaries inside, and mounting them)
Fahad