
Re: Packet sniffing & regular users



On Wed, Mar 02, 2005 at 04:19:50PM -0300, Felipe Augusto van de Wiel (faw) wrote:
> I don't exactly, but, if you already allow your
> users to use sudo/su solutions, why are you trying to
> change it and... if you are planning to use any "non
> encrypted" authentication protocol over the network,
> your users will have access to things like "root pass".

Letting users run tcpdump with root privs opens a lot more
vulnerabilities than letting them sniff without root privs. (E.g., with
the sudo approach they can clobber or possibly read arbitrary files on
the local system.) People tend to run around advocating sudo everywhere
when in fact doing so is *a lot* more dangerous than a real
least-privilege system.

Mike Stone


