From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2010-November/000487.html | 87 +++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2010-November/000487.html (limited to 'zarb-ml/mageia-sysadm/2010-November/000487.html') diff --git a/zarb-ml/mageia-sysadm/2010-November/000487.html b/zarb-ml/mageia-sysadm/2010-November/000487.html new file mode 100644 index 000000000..a0069903e --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000487.html @@ -0,0 +1,87 @@ + + + + [Mageia-sysadm] Usernames, uids, and groups + + + + + + + + + +

[Mageia-sysadm] Usernames, uids, and groups

+ Luca Berra + bluca at vodka.it +
+ Wed Nov 10 18:04:29 CET 2010 +

+
+ +
On Wed, Nov 10, 2010 at 01:32:47PM +0100, Michael Scherer wrote:
+>Le mercredi 10 novembre 2010 à 11:55 +0100, nicolas vigier a écrit :
+>> On Wed, 10 Nov 2010, Luca Berra wrote:
+>>
+>> > 2) Accountability. No idea in France, but here system administratros
+>> > need to be accounted (*).
+>> 
+>> When someone runs "sudo su -" or something equivalent there is no
+>> accountability on what he did after that.
+>
+>Even more cunning, emacs or vim can run process ( except that vim has a
+>mode where it can prevent it with -Z, do not know for emacs ).
+
+it is better to use sudoedit for editing files, it will copy the
+original file to a temporary copy, revert to caller uid, let user edit
+the file, and move it into place afterwards.
+
+another options is using noexec (sudo will preload a shlib overriding
+exec calls)
+
+L.
+
+-- 
+Luca Berra -- bluca at vodka.it
+
+ + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1