Re: GNU su and the wheel group

[telford]

Tim Smith <reply_in_group@mouse-potato.com> wrote:
> In article <10m487epjdpqjf8@corp.supernews.com>,

> Increasing the number of suid programs is not good.

Overloading the work of a single all-powerful suid program is worse.

Think of the philosophy that made unix strong: do one job and
do it properly. To me, the easiest audit trail is multiple single-task
suid programs, rather than a single multi-purpose suid program.

>> Can anyone think of a sensible example where normal users are using su to
>> switch accounts?

> At work, we've got a server process that three people need to control
> (start, stop, edit config files, access log files, update the software, and
> that sort of thing).  We have a separate user for the server process, and
> the three people su or sudo to that user when they need to do something to
> the server process or its files.

So then that server-process user is found on the logs to have been
attempting a break-in on another site. What do you do then?
All the employees don't know anything about it. All the suspicious
files you find are owned by the server-process user and have useless
(obviously tweaked) datestamps, some robot (also server-process user)
is running around doing strange stuff. How did it get there?

You should use sudo and not su in this situation, and you should
only let the sudo run the start and stop. The config files should
go through a versioning system with a sudo command to get the latest
version (e.g. cvs update). No one should be able to run a shell as
the server-process user.


        - Tel