On 2017-05-11 11:15, Alan McKinnon wrote: > 2. sudo, which frankly is a monumental PITA to maintain - it tends to > grow and bloat and the syntax isn't easy to parse in your mind. It > also doesn't let you give users access to a certain thing,
If the thing is an object in the filesystem, old fashioned group permissions will suffice. > you have to come up with all the commands that do that, then figure > out a regex that matches what you want and nothing you don't want. A > real PITA You can always write a 10 line C program that does nothing but exec() the program you need (with full path of course) with the exact arguments you need. If some massaging of the args is needed it can be done in a script before you enter the suid danger zone. But yes, I agree sudo is a PITA. -- Please *no* private Cc: on mailing lists and newsgroups Personal signed mail: please _encrypt_ and sign Don't clear-text sign: http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html
