More PATH fallout. Who decided this was a good idea?

Steve Grubb sgrubb at redhat.com
Sat Dec 6 01:29:45 UTC 2008


On Friday 05 December 2008 18:27:01 Callum Lerwick wrote:
> So, I spent 10 minutes trying to figure out why "userm[tab]" only came
> up with usermount. usermod had disappeared from my system!

These should have been gone for quite a while...and on purpose. You cannot do 
anything with them unless you are root. Allowing anyone even to execute them 
would require lots of bad things for our LSPP/CAPP evaluations.


> -rwxr-x--- 1 root root  97000 2008-11-05 14:58 audispd
> -rwxr-x--- 1 root root 121056 2008-11-05 14:58 auditctl
> -rwxr-x--- 1 root root 175416 2008-11-05 14:58 auditd
> -rwxr-x--- 1 root root  98496 2008-11-05 14:58 autrace

The audit tools are protected from casual use for a reason.


> -rwxr-x--- 1 root root     47704 2008-09-24 08:38 groupadd
> -rwxr-x--- 1 root root     38832 2008-09-24 08:38 groupdel
> -rwxr-x--- 1 root root     33888 2008-09-24 08:38 groupmems
> -rwxr-x--- 1 root root     47608 2008-09-24 08:38 groupmod
> -rwxr-x--- 1 root root     83864 2008-09-24 08:38 useradd
> -rwxr-x--- 1 root root     56528 2008-09-24 08:38 userdel
> -rwxr-x--- 1 root root     82296 2008-09-24 08:38 usermod

These are required to be this way for our Common Criteria evaluations.


> As a sudo user, I believe that running admin tools such as usermod as an
> unprivileged user to get the help page is a perfectly valid use case,

You have a man page that should be accurate. If not, file a bug.


> and this change is a bad idea that should be reversed.

Nope.

-Steve
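
The following is an added example, not part of the message above or of any Fedora tooling: a check that reads `ls -l` output like the quoted listings and reports any binary that deviates from the `-rwxr-x--- root root` pattern they show. The policy constants are taken from those listings; `example-tool` and `example-suid` are constructed, hypothetical entries.

```python
import stat

REQUIRED_MODE = 0o750               # -rwxr-x---, as in the quoted listing
REQUIRED_OWNER = ("root", "root")

# First two lines are copied from the quoted listing; the last two are
# constructed, with hypothetical names, to show what a deviation looks like.
SAMPLE = """\
> -rwxr-x--- 1 root root 121056 2008-11-05 14:58 auditctl
> -rwxr-x--- 1 root root     82296 2008-09-24 08:38 usermod
> -rwxr-xr-x 1 root root     40000 2008-09-24 08:38 example-tool
> -rwsr-x--- 1 root wheel    40000 2008-09-24 08:38 example-suid
"""

def mode_from_ls(perm):
    """Convert an ls permission field such as '-rwxr-x---' to mode bits."""
    bits = perm[1:10]               # drop file type and any trailing '.'/'+'
    if len(bits) != 9:
        raise ValueError(f"bad permission field: {perm!r}")
    mode = 0
    for i, ch in enumerate(bits):
        if ch in "rwx":
            mode |= 1 << (8 - i)
        elif i % 3 == 2 and ch in "sStT":
            mode |= (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)[i // 3]
            if ch in "st":          # lowercase: execute bit is set as well
                mode |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError(f"bad permission field: {perm!r}")
    return mode

def check_listing(text):
    """Return (name, reasons) for every regular file that breaks the policy."""
    findings = []
    for line in text.splitlines():
        fields = line.lstrip("> ").split()
        if len(fields) < 8 or not fields[0].startswith("-"):
            continue                # blank line, directory, symlink, ...
        mode, owner, group = mode_from_ls(fields[0]), fields[2], fields[3]
        reasons = []
        if mode & stat.S_IRWXO:
            reasons.append("accessible to users outside owner and group")
        elif mode != REQUIRED_MODE:
            reasons.append(f"mode {mode:04o}, expected {REQUIRED_MODE:04o}")
        if (owner, group) != REQUIRED_OWNER:
            reasons.append(f"owned by {owner}:{group}")
        if reasons:
            findings.append((fields[-1], reasons))
    return findings
```

Calling `check_listing(SAMPLE)` returns findings only for the two constructed entries; the lines copied from the listing pass.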



