On Mon, Jun 9, 2008 at 12:18 PM, Sloan
John Andersen wrote:
On Mon, Jun 9, 2008 at 7:53 AM, Carlos E. R.
wrote: Notice that the user to be added to the group "root" is in fact the owner and root for the system. If he wants to do anything a normal user can't do, he simply logs in as root or uses "su". There is no new danger,
So you are saying a user added to the group "root" would not impose a danger of this user unwittingly running rm -Rf / and nuking the system?
Nope, it significantly reduces the danger. Simply being a member of the root group would not allow one to remove / since that would require write access, which isn't somehow automatically conferred just because a user in the root group.
Secondly, since this user is already the admin & owner of the machine, he already has the root password. So, rather than allowing him read access to the log files through a group addition, you'd rather have the user log in as root, where he really *could* rm -rf /
So, how is that safer?
When you log in as root, or su or sudo, you are CAREFUL. In everyday usage everybody makes mistakes. However, for the task at hand, permission to read /var/log/messages can be controlled in Yast under Miscellaneous Settings / File permissions by selecting "Easy" File Permissions: Settings for the permissions of certain system files are set according to the data in /etc/permissions.secure or /etc/permissions.easy. And of course Root can mess with the specific settings in either of those files. -- ----------JSA--------- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org