On Wed, 2004-08-25 at 04:37, Loki wrote:
> Imagine, if you will, a server.
>
> Imagine that this server is a web server, and has the ability to run CGI
> scripts.
>
> Imagine that this web server has 4,000 users.
>
> Imagine that one of them thinks it would be funny to insert
>
> exec ('apm -s');
>
> into a Perl script.
>
> Now you know why apm needs root. :)
>
Well, what about chmod 0660 /dev/apm_bios; groupadd apm and chown
root.apm /dev/apm_bios? Only users in group apm would then be able to
suspend. Would be a clean solution...
> No. Users may want to check what the state of the BIOS is (for example,
> they may want to know how much battery life is left). That doesn't mean we
> want to necessarily trust them with the ability to, effectively, remotely
> shutdown the entire system.
>
I understood what you mean. I'll see how to best manage apm -s on my
system, maybe using some kind of group permissions as shown above.
Thanks for your interest and feedback,
I.
--
)/_
_.--..---"-,--c_ Ivo Marino <eim@mentors.debian.net>
\L..' ._O__)_ http://mentors.debian.net/~eim/
-. _.+ _ \..--( / irc.FreeNode.net #debian-mentors
`\.-''__.-' \ ( \_ A Public Debian Package Repository
`''' `\__ /\
')
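
An added example, not part of the original thread: a small audit function that checks whether a node actually carries the group-restricted scheme discussed above (expected owner, a dedicated group, no access for "other"). The function name `audit_node` is hypothetical and GNU `stat -c` is assumed; it only inspects permission bits and ownership.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a file or device node
# is restricted to one owner and one group, with no access for "other".
# Assumes GNU stat (-c format strings).
#
# Usage: audit_node PATH EXPECTED_OWNER EXPECTED_GROUP
# Returns 0 if the node matches, 1 on any finding, 2 if PATH is missing.
audit_node() {
    path=$1; want_owner=$2; want_group=$3

    [ -e "$path" ] || { echo "missing: $path"; return 2; }

    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$path")
    mode=$1; owner=$2; group=$3
    rc=0

    # Low three bits of the octal mode are the "other" permissions.
    other=$((0$mode & 7))
    if [ "$other" -ne 0 ]; then
        echo "FAIL: $path mode $mode grants access to all users"
        rc=1
    fi

    [ "$owner" = "$want_owner" ] || {
        echo "FAIL: $path owner is $owner, expected $want_owner"; rc=1; }

    [ "$group" = "$want_group" ] || {
        echo "FAIL: $path group is $group, expected $want_group"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $path is $owner:$group mode $mode"
    return $rc
}

# For the scheme proposed in the thread this would be called as:
#   audit_node /dev/apm_bios root apm
```

Running the check after boot as well as after the change shows whether the ownership and mode persist when the node is recreated.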