theoretical question - can root's username be changed?

Mike McCarty mike.mccarty at
Fri Dec 2 21:22:16 UTC 2005

Les Mikesell wrote:
> On Fri, 2005-12-02 at 14:14, Mike McCarty wrote:
>>One cannot configure sudo such that one can "vi /etc/one_special_file"
>>but not "vi /etc/another_special_file".
> But you can rather easily have a replace_special_file program that
> only specified users can run and that does nothing else.  Vi permits
> shell escapes and thus like many unix programs, includes the
> capabilities of all other programs so it's not something you would
> want to permit a user to do as root even if you could control the
> initial file loaded.

But I was addressing the issue of the security model, not whether
something can be done with a specially designed work-around, nor
whether vi had some security holes.

ACL, for example, does exactly what I described, no workaround,
no special program, no extra scripts.

Everything has its strengths and weaknesses. ACL has its own
weaknesses, one of which is that it can be a burden to
non-technical users. It's more complex to set up.

This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
