Sudo from scripts
Jerry Feldman
gaf at blu.org
Sat Nov 22 13:10:54 UTC 2008
On 11/18/2008 09:59 PM, Nifty Fedora Mitch wrote:
>
> Backing up those (system) files that a user can just read in the normal
> set of events is not a security issue. The serious risk is on the
> restore side of things. For example, /etc/passwd needs to be +read
> for the world; by contrast, /etc/shadow cannot be read.
>
> Interpreted programs -- bash, perl, python must be +read! Note that
> the run time load/linker must read information from binary objects.
> In fact it must do a bit of editing -- see also prelink.
> It might be possible to add attributes to each section of an object
> (see objdump) such that specific read write bits and security
> attributes exist and are enforced per section (I do not recommend such
> an RFE).
>
> There may be an issue if software is purchased and unauthorized copies leave
> the building but that is a different component of security.
>
>
>
Basically, I agree. Backing up as root is fine, as long as the backup
procedure maintains the proper ownership and permissions. On home
systems, I personally prefer to back up my home directory myself and
manage my crontab, but that could be done just as easily by root.
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
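
Added example, not part of the original message: one way to check the condition discussed in this thread, that a restore keeps each file's mode and ownership. It assumes GNU stat and tar; the function names, file names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# manifest DIR: one line per entry with octal mode, uid, gid and relative path.
manifest() {
    ( cd "$1" && find . -exec stat -c '%a %u %g %n' {} + | LC_ALL=C sort -k4 )
}

# verify_restore SRC DST: succeeds only if modes and owners are identical.
verify_restore() {
    src_m=$(manifest "$1") || return 2
    dst_m=$(manifest "$2") || return 2
    [ "$src_m" = "$dst_m" ]
}

# demo: build a constructed tree, restore it two ways, report both checks.
demo() (
    umask 022
    work=$(mktemp -d) || exit 2
    trap 'rm -rf "$work"' EXIT
    mkdir "$work/src" "$work/good" "$work/bad"
    echo 'constructed secret' > "$work/src/shadow.sample"
    echo 'constructed public' > "$work/src/passwd.sample"
    chmod 600 "$work/src/shadow.sample"   # stands in for a non-world-readable file

    # Restore 1: tar with -p keeps the recorded permission bits.
    tar -C "$work/src" -cpf "$work/backup.tar" .
    tar -C "$work/good" -xpf "$work/backup.tar"

    # Restore 2: contents only; new files get umask-default modes (0644).
    for f in shadow.sample passwd.sample; do
        cat "$work/src/$f" > "$work/bad/$f"
    done

    if verify_restore "$work/src" "$work/good"; then r1=match; else r1=mismatch; fi
    if verify_restore "$work/src" "$work/bad"; then r2=match; else r2=mismatch; fi
    echo "$r1 $r2"
)

demo
```

The second restore is flagged because the 0600 sample file comes back as 0644, which is the restore-side exposure the quoted message describes.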