Re: setuid for priv sockets?
Re: setuid for priv sockets?
- Subject: Re: setuid for priv sockets?
- From: "Jordan K. Hubbard" <email@hidden>
- Date: Mon, 27 Oct 2008 20:22:31 -0700
On Oct 27, 2008, at 2:49 PM, Stephen Hoffman wrote:
Not passing out root or sudo access is a common practice in various
production and security-conscious environments. Within those
environments (and I deal with folks that are severely allergic to
passing out root access), setuid can be an invaluable palliative.
I'm quite willing to move to another approach or environment or tool
or interface here. But suggesting that they pass out root access as
a solution for starting up certain command-line tools is just going
to get me a heaping raft of static with these good folks.
I think Damien might have been a little too sweeping in his
generalizations; I don't think anyone is suggesting that the user
should be, or needs to be, involved in all such privilege decisions,
it's just one additional approach. For the cases you're talking
about, having Launchd start the helper tool and confer privileges to
it, rather than making that tool setuid, is the answer.
- Jordan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden