Re: Bug#484841: staff group root equivalence
On Mon, 02 Mar 2009, Manoj Srivastava wrote:
> You see, us grad students in the staff group were _not_ supposed to
> be root, or be bale to modify the vendor directories (who knows, it
> might have violated the universities support contract).
Yeah, but by default, if you have staff access, you can easily gain
root access, so there's really no distinction between the two. [In
Debian, this could be done by shoving in a special /usr/local/bin/awk
to trap cron.daily/standard calling it as root, for example.]
> Not that it makes much of a difference in Debian selecting a
> default, really. But I can see a use case in a large environment
> with subgroups where limited privileges are required -- and the
> /usr/local hierarchy, with the support for local overrides in path,
> programs like perl and emacs, made such setups easy for overlaying
> such privileges on a subset of the machines.
The real problem is that by default root's PATH contains
/usr/local/sbin and /usr/local/bin, so you have to jump through quite
a few extra hoops to make the distinction between root and staff
viable in the first place.
Don Armstrong
--
"People selling drug paraphernalia ... are as much a part of drug
trafficking as silencers are a part of criminal homicide."
-- John Brown, DEA Chief
http://www.donarmstrong.com http://rzlab.ucr.edu
Reply to: