From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Rdkqm-00011Y-4X for garchives@archives.gentoo.org; Thu, 22 Dec 2011 15:46:32 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F32E521C1B9; Thu, 22 Dec 2011 15:46:13 +0000 (UTC) Received: from homiemail-a80.g.dreamhost.com (caibbdcaaaaf.dreamhost.com [208.113.200.5]) by pigeon.gentoo.org (Postfix) with ESMTP id 5097721C14A for ; Thu, 22 Dec 2011 15:44:45 +0000 (UTC) Received: from homiemail-a80.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a80.g.dreamhost.com (Postfix) with ESMTP id CE84D37A06B for ; Thu, 22 Dec 2011 07:44:43 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=libertytrek.org; h=message-id :date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; q=dns; s= libertytrek.org; b=BObopdssJgDi3B5m+8OMVoG4NqZZdjhNQajkA4n1eDemU 8GxQ2Y5TdDF/O/BpLt6By8DRYk9UTTHZrxt4hZOsKJx+8WBQ5CxBWzj7lcKSS4bm 9voEOLGa0V8/GTUOn1MiN4bsyf7T2U3Wyy3tWUiMD1n6Pox11zgUHDYoMB1O/4= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=libertytrek.org; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; s= libertytrek.org; bh=q++XeF7NF6KNF+dRvkWAg+kkAOQ=; b=VvVvrLIkUSvW vCFWrqAK1DU25hvLQMDp/cHDfjzYAuCnN2qqdLgE9iL53t/kvQwiodjFjh7QE06o HABNE+HZKUnKyMS7UDwZNTV/+jf8iAiwyo5N/VoaOuWxVq8mdQ9Lxw2+bCOpbEHq 1l3/TwA6l4TXO8Pu/R2R819i8/H5svo= Received: from [127.0.0.1] (smtp.media-brokers.com [70.43.81.99]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: tanstaafl@libertytrek.org) by homiemail-a80.g.dreamhost.com (Postfix) with ESMTPSA id 3A1FD37A065 for ; Thu, 22 Dec 2011 07:44:43 -0800 (PST) Message-ID: <4EF3506B.5020802@libertytrek.org> Date: Thu, 22 Dec 2011 10:44:43 -0500 From: Tanstaafl User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0) Gecko/20111220 Thunderbird/9.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: Allow non root users to edit files owned by root? References: <4EF0A415.8020007@libertytrek.org> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 56e37cc4-7433-4443-9c8d-1afc403088a9 X-Archives-Hash: 6aa59c01c5ea8b7ee8716ca349a4dc39 On 2011-12-20 12:19 PM, Nikos Chantziaras wrote: > If you allow someone to edit root owned files, you're practically giving > him root access. Well, yeah, but only on those defined files... I'm not worried about them messing up stuff in /var/www/*, but I am worried about them messing up stuff in /etc > So the fact that he doesn't know the root password is totally > irrelevant; he doesn't even need the password anymore to gain root > access since he already has that access. But he only has root access in explicitly defined, non-system, non critical directories... > So you might want to rethink the way you want to allow him to edit those > files. I *want* him to be able to do whatever he wants in /var/www (and a few other non critical directories)...