Re: Proposal: Allowing access to dmesg for users in group adm

To: debian-devel@lists.debian.org
Subject: Re: Proposal: Allowing access to dmesg for users in group adm
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 20 Aug 2020 23:43:36 +0200
Message-id: <[🔎] 875z9d803b.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 87v9hfmmxj.fsf@DigitalMercury.dynalias.net> (Nicholas D. Steeves's message of "Tue, 18 Aug 2020 21:42:00 -0400")
References: <[🔎] 11dbf6a5-57d1-af8e-ec93-554a31ceed4e@canonical.com> <[🔎] 3e16f09bbf3a017c1dc6e4252e167824d61bafea.camel@43-1.org> <[🔎] 87v9hfmmxj.fsf@DigitalMercury.dynalias.net>

* Nicholas D. Steeves:

> Given that our default sudoers (and afaik Ubuntu's) provides the
> following rule
>
>   %sudo   ALL=(ALL:ALL) ALL
>
> would it be reasonable to modify this proposal to use the "sudo" rather
> than "adm" group, given that we don't yet have a default mechanism to
> enforce a "if groups = (sudo AND adm)" mechanism?

I don't think so.  sudo should be dedicated to sudo access management.
I expect that system administrators would be surprised if it confers
completely unrelated privileges.

Reply to:

References:
- Proposal: Allowing access to dmesg for users in group adm
  - From: Matthew Ruffell <matthew.ruffell@canonical.com>
- Re: Proposal: Allowing access to dmesg for users in group adm
  - From: Ansgar <ansgar@debian.org>
- Re: Proposal: Allowing access to dmesg for users in group adm
  - From: Nicholas D Steeves <nsteeves@gmail.com>

Prev by Date: Bug#968751: ITP: firewalk -- active network reconnaissance security tool
Next by Date: Work-needing packages report for Aug 21, 2020
Previous by thread: Re: Proposal: Allowing access to dmesg for users in group adm
Next by thread: debian sid --> lxde
Index(es):
- Date
- Thread