[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the Security Team

On Fri, Mar 07, 2014 at 01:57:17PM +0100, Stephan Seitz wrote:
> On Thu, Mar 06, 2014 at 12:21:06PM +1100, Craig Small wrote:
> >You apparently can have a "special" group that can see everything.
> Aren’t there PAM modules which can grant capabilities to certain users?
No idea, adduser thisuser thatgroup seems a reasonably simple fix.

> >That might be worthwhile for a default.
> >It makes things like pstree look odd, so I'll be expecting some new bug
> >reports.
> It will break software like nagios with check_procs. Any ideas how
> one can solve this? dpkg-stateoverwrite doesn’t support
> capabilities, only the standard chmod commands.
That's why I think there should be a defined group. Then anything that
needs or anyone that wants, "normal" access just gets added to this
group.

 - Craig

-- 
Craig Small (@smallsees)   http://enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5
Reply to: