Subject: Re: [firstname.lastname@example.org: [Global InterSec 2002041701] Sudo
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Oleg Polyanski <Oleg.Polianski@clear.co.nz>
Date: 04/26/2002 21:04:36
email@example.com (Greg A. Woods) writes:
> A proper dedicated set-ID program that can't be mis-configured so
> easily would be an almost infinitely better alternative than sudo.
Would you ever consider making the `umount(8)' program set-ID only
just to let somebody to unmount CD-ROM / floppy drive?
> Perhaps it wouldn't even have to be set-ID-root if what it does
> can be delegated to a special user.
Again, you can't delegate permissions to a dedicated user in order
to let them to unmount a volume. I would rather vote for RBAC from
Solaris. RBAC complementing (but not replacing) the set-ID
mechanism is really handy in use and is flexible. For systems
lacking of RBAC, sudo is the only choice if it is not abused, of