Re: Security issue? Daemon users has to much rights...
Am Samstag, 23. Oktober 2004 00:36 schrieb Michael Stone:
> On Fri, Oct 22, 2004 at 11:13:55PM +0200, Jan Lühr wrote:
> >Of course, providing security on that level is not the best way to ensure
> > the system's integrity and safety.
> >But why do you think, that security on filesystem level is doomed to
> > failure if it's part of a security concept?
> Because you haven't described a practical approach for implementing
> "allow all the users except lp to access mount" in a way which works for
> naive system administrators.
What do you expect here? Of course there is a tradional unix approach (groups
-ugly one I admit - and a more clean approach using posix acls). If defaults
are setted in a senseful way, you can protect suid binaries from being used
by the wrong users. What's wrong in that idea? As long as you grant right's -
related to suid - on filesystem level, it's useful to restrict them on this
Sudo is another approach, but sudo makes things even more complicated. Do you
think, deleting all root-suid bits and using sudo i a better approach for