also sprach Brian Kim <bmhkim@gmail.com> [2005.03.02.1802 +0100]: > I'd like to give regular users the ability to sniff packets (and > possibly drop the NIC into promiscuous mode?), without having to > deal with sudo or su. How could I go about doing this? And if you > provide a solution, what sorts of security concerns does it > present, aside from the obvious "anyone can see anything" sort of > concern? You need sudo, or a ACL or MAC-based system (such as SELinux). Since your users will be able to execute tcpdump as root, any problems with the programme can be fatal. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature