From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Rd4KG-00059N-BW for garchives@archives.gentoo.org; Tue, 20 Dec 2011 18:22:08 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 50FD021C035; Tue, 20 Dec 2011 18:21:54 +0000 (UTC) Received: from homiemail-a43.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by pigeon.gentoo.org (Postfix) with ESMTP id 0512721C035 for ; Tue, 20 Dec 2011 18:20:52 +0000 (UTC) Received: from homiemail-a43.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a43.g.dreamhost.com (Postfix) with ESMTP id E74778C06A for ; Tue, 20 Dec 2011 10:20:44 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=libertytrek.org; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s= libertytrek.org; b=tfnAAm9/ABBV6IJnxgTHZUZqc6tS3BOt0oMspunI+jQTj G/spIBas+DsHAU3BChI8wTWDKjEjoPFci8BLLn7kUHGVE6xrubANyk0JUuaZyOY9 F6r+vJ4pGIGdSayGFk2+7FN7XjM9N+m3OyoIk/7CV6Of0Fa18l4hgWibP3WmBA= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=libertytrek.org; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; s= libertytrek.org; bh=nYrAMSWdy1lhyou2X3UbgB0aP4c=; b=fDFenAKGQ/lQ fkFs3bU8jXxpLkAJjajFnq5u7ijR/uj34e7BGLPKHv5R0pt8GS3AtzGBUkd4teuo rKPPa9H4dgFw1GluiIJDkv4NT8bnHsvcl1e6NE2o8TofugaNDo7ktd00aUEqDu+U UAfvY4IWpLJvcNsLiK3u7VnLn9FYgOE= Received: from [127.0.0.1] (smtp.media-brokers.com [70.43.81.99]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: tanstaafl@libertytrek.org) by homiemail-a43.g.dreamhost.com (Postfix) with ESMTPSA id 08D2F8C056 for ; Tue, 20 Dec 2011 10:20:38 -0800 (PST) Message-ID: <4EF0D204.9070903@libertytrek.org> Date: Tue, 20 Dec 2011 13:20:52 -0500 From: Tanstaafl User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20111105 Thunderbird/8.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Allow non root users to edit files owned by root? References: <4EF0A415.8020007@libertytrek.org> <4EF0B101.3060709@binarywings.net> <4EF0BFC7.7040303@libertytrek.org> <4EF0C3D3.8020504@binarywings.net> In-Reply-To: <4EF0C3D3.8020504@binarywings.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 83626384-3673-4018-aaa2-24db33a9c6f7 X-Archives-Hash: eb4bd8d076f3c45ec50bf53618cb7cf3 On 2011-12-20 12:20 PM, Florian Philipp wrote: > Well, as I've said, using a/normal/ editor doesn't solve the problem > because you can use nano for opening a shell, thereby escalating your > privileges. You have to use rnano (or nano -R). This solution is not > really meant for the luxury of a full blown editor with arbitrary > arguments and capabilities. rnano doesn't read nanorc files, for > example. If you cannot agree on a common set of safe flags, you > shouldn't use sudo for this purpose. Points taken from all, thanks... I settled on requiring the -R flag for nano, and limited the files that he can edit, so he will simply have to live with this. Thanks all...