diff options
| author | Jean Milanez Melo <jmelo@FreeBSD.org> | 2006-07-24 12:12:42 +0000 |
|---|---|---|
| committer | Jean Milanez Melo <jmelo@FreeBSD.org> | 2006-07-24 12:12:42 +0000 |
| commit | c49ad1acca70e3d0b7037526d2231c94f263e08b (patch) | |
| tree | 342e800ab11c8fe4537c558100c6576cf927c552 /security/super/pkg-descr | |
| parent | 1fa810ee382e2fe7ddb5be3bb3caaa2fee1f238f (diff) | |
| download | ports-c49ad1acca70e3d0b7037526d2231c94f263e08b.tar.gz ports-c49ad1acca70e3d0b7037526d2231c94f263e08b.zip | |
Notes
Diffstat (limited to 'security/super/pkg-descr')
| -rw-r--r-- | security/super/pkg-descr | 39 |
1 files changed, 4 insertions, 35 deletions
diff --git a/security/super/pkg-descr b/security/super/pkg-descr index ef2e077e8f82..5eb311a32eda 100644 --- a/security/super/pkg-descr +++ b/security/super/pkg-descr @@ -1,4 +1,4 @@ -Super is a setuid-root program that offers +Super is a setuid-root program that offers: o restricted setuid-root access to executables, adjustable on a per-program and per-user basis; @@ -7,30 +7,8 @@ Super is a setuid-root program that offers scripts can be run as root (or some other uid/gid), without unduly compromising security. -Sample uses: - - to call a script that allows users to use mount(8) on - cdrom's or floppy disks, but not other devices. +The design philosophy behind super is two-fold: - - to restrict which users, on which hosts, may execute a - setuid-root program. - - - to allow groups of trusted users (e.g. an "operator" group) complete - root access to sets of selected commands such as, say, line-printer - control commands, without giving away access to other commands, - and with full logging of all commands used. - - -Super and sudo --------------- -Sudo -- - Sudo allows a permitted user to execute a command as the superuser. - Its central design philosophy is that each user can be - trusted when executing certain commands. This is implemented - by allowing each user to execute the restricted commands for - which s/he is trusted, without giving access to other restricted commands. - -Super -- - The design philosophy behind super is two-fold: (a) some users can be trusted when executing certain commands; (b) there are some commands, such as a script to mount CDROM's, which you'd like to be safely executable even by users who @@ -39,14 +17,5 @@ Super -- can be hard to break, and super provides that wrapper so that even a non-trusted user can use the scripts. -In the author's view, the main differences to the administrator are: - - (1) the files that specify valid user/command combinations have - a different look and feel. - - (2) super provides a safe wrapper for scripts, so that a - well-written script can be run safely by ordinary - users without having to actually trust them. - - --- David (obrien@FreeBSD.org) +WWW: http://www.ucolick.org/~will/#super +AUTHOR: Will Deich <will@ucolick.org> |