From: Sylvain Robitaille on 24 Jun 2010 12:40

Chick Tower wrote:

> What's the difference between a normal user and an otherwise
> unprivileged user, Sylvain?

A normal user is usually associated with a human, and might belong to multiple groups, whereas an otherwise unprivileged user is a "software" user and should belong to only one group.

You don't need the "news" user to be able to mount disks, or output audio, for example. On my systems, programs that are setuid are also executable only to group "users", so that only "normal users" can run them, not "otherwise unprivileged users" (which don't belong to that group).

Does that clarify what I mean?

--
----------------------------------------------------------------------
Sylvain Robitaille                              syl(a)encs.concordia.ca
Systems analyst / AITS                            Concordia University
Faculty of Engineering and Computer Science   Montreal, Quebec, Canada
----------------------------------------------------------------------

From: Chick Tower on 25 Jun 2010 13:12

On 2010-06-24, Sylvain Robitaille <syl(a)alcor.concordia.ca> wrote:

> Does that clarify what I mean?

Yes. I just don't recall seeing them defined that way before. Without those definitions, they seem identical.

--
Chick Tower
For e-mail: aols2 DOT sent DOT towerboy AT xoxy DOT net

From: Sylvain Robitaille on 25 Jun 2010 14:17

Chick Tower wrote:

> ... Without those definitions, they seem identical.

Until you start to consider whether it makes sense for an "httpd" process (for example) to be able to run "crontab" (or some other setuid root binary), mount disks, or activate a microphone input, I suppose that they are identical.

My examples are extreme, admittedly, but deliberately so ...

--
----------------------------------------------------------------------
Sylvain Robitaille                              syl(a)encs.concordia.ca
Systems analyst / AITS                            Concordia University
Faculty of Engineering and Computer Science   Montreal, Quebec, Canada
----------------------------------------------------------------------
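
An added illustration of the scheme discussed in this thread (not code from any of the posters): it models the classic Unix owner/group/other execute check and lists the setuid files under a directory that a given account can run, so a setuid file left world-executable shows up for a single-group service account while one restricted to a group does not. It ignores ACLs and directory search permissions, and the UID/GID values in the demo are constructed.

```python
import os
import stat


def can_execute(mode, file_uid, file_gid, uid, gids):
    """Classic Unix check: exactly one of owner, group or other applies."""
    if uid == 0:                      # root needs any one execute bit
        return bool(mode & 0o111)
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def exposed_setuid(root, uid, gids):
    """Return sorted setuid regular files under root that (uid, gids) can execute."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue              # vanished or unreadable entry
            if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                continue
            if can_execute(st.st_mode, st.st_uid, st.st_gid, uid, gids):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample account: a service user whose only group is its own.
    SERVICE_UID, SERVICE_GIDS = 33, {33}
    for path in exposed_setuid("/usr/bin", SERVICE_UID, SERVICE_GIDS):
        print("service account can run setuid file:", path)
```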