OT: suid programs vs. sudo access (Re: NetworkManager or Wifi-Radar?)
Jean-Christophe
jc.sid at free.fr
Tue Jun 17 17:40:02 CEST 2008
> It can be, if done properly. A sudo entry to run a particular app as
> root password-less forces you to rely on sudo itself being well behaved
> and secure.
>
> A binary with perms set to -rwsr-x--- and ownership set to root:foo (and
> put users allowed to run it in group foo) only relies on the OS's
> built-in facilities and is certainly no less secure than a password-less
> sudo entry. I'd argue it's more secure.
>
So I did it, and it works: I can launch wpa_gui as $user, but it can't
configure wpa_supplicant, which is a root process...
More information about the Xfce
mailing list