On 2014-12-08 09:16, Shriramana Sharma wrote:
IIRC, Ubuntu relies on the fact that normal users don't have the capabilities required for the privileged operations, as opposed to just not letting them run the binaries at all.On Mon, Dec 8, 2014 at 6:31 PM, Austin S Hemmelgarn <ahferroin7@xxxxxxxxx> wrote:Personally, I prefer a somewhat hybrid approach where everyone has *sbin in their path, but file permissions are used to control what non-administrators can run.This is exactly the same approach as Ubuntu, since non-superuser can't really do anything active (whether creating or deleting) with */sbin commands, but only querying (like ifconfig, btrfs subvol list etc). So this is not really hybrid of anything it seems.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
