To: gentoo-user@lists.gentoo.org
From: Nikos Chantziaras
Subject: [gentoo-user] Re: sudo in kernel config ?
Date: Sun, 12 Sep 2010 00:01:05 +0300

On 09/11/2010 11:49 PM, Dale wrote:
> Nikos Chantziaras wrote:
>> On 09/11/2010 11:35 PM, Dale wrote:
>>> Alan McKinnon wrote:
>>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
>>>> Albert Hopkins did opine thusly:
>>>>
>>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
>>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
>>>>>> author wrote we shouldn't do kernel operations (config and build)
>>>>>> as root.
>>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
>>>>> most part have done it as root without any problems.
>>>> Same here.
>>>>
>>>> The root user (sometimes portage) creates /usr/src/linux-*
>>>>
>>>> Someone tell me again exactly how user alan is supposed to build those
>>>> sources?
>>>>
>>>
>>> If they are accessible by a user, couldn't a user then edit or add
>>> something that would then cause a security problem? If they can edit
>>> them and no one knows it, then root comes along and builds a shiny new
>>> kernel with a really nice security hole.
>>>
>>> Glad only root can get to the sources. ;-)
>>
>> No, any user can't edit them; only the user you assign the files to.
>> If you assign them to root, only root can edit them. If you assign
>> them to kerneluser, only kerneluser can edit them.
>>
>> This is Unix 101 :)
>>
>>
>
> My point was, if the sources are say in the user group, then any user
> can edit them? Right now, they are in the root group and owned by root
> which for security reasons is a good idea. That way a regular user can't
> edit or modify the kernel sources.

The group can only write if the files have the group write permission
set. Still in Unix 101 domain, hehe :)
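
The ownership and group-write point discussed in this thread, as an added example that is not part of the original message: a shell audit that lists entries in a source tree that anyone other than the owner can modify. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: who besides the owner can write to a source tree?
# All paths are created under a temporary directory (constructed sample).

# Print entries under $1 whose mode has the group-write (020) or
# other-write (002) bit set. Symlinks are skipped: their own mode is not
# what controls access to the target.
writable_by_non_owner() {
    find "$1" \( -perm -020 -o -perm -002 \) ! -type l -print
}

# Print entries under $1 that are not owned by the user (name or uid) in $2.
not_owned_by() {
    find "$1" ! -user "$2" -print
}

# Build a small demo tree with three different permission sets and print
# its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src"
    : > "$d/src/Makefile"
    : > "$d/src/sched.c"
    : > "$d/src/fork.c"
    chmod 755 "$d" "$d/src"
    chmod 644 "$d/src/Makefile"   # owner rw, group r: group cannot write
    chmod 664 "$d/src/sched.c"    # group write bit set: group members can edit
    chmod 646 "$d/src/fork.c"     # other write bit set: any user can edit
    printf '%s\n' "$d"
}

tree=$(make_demo_tree)
echo "Writable by group or others:"
writable_by_non_owner "$tree"
echo "Not owned by uid $(id -u):"
not_owned_by "$tree" "$(id -u)"
rm -rf "$tree"
```

Pointed at a real tree such as /usr/src/linux-* with `root` as the expected owner, empty output from both functions means only root can modify the sources.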