On Thu, 2007-12-06 at 13:39 -0500, Simo Sorce wrote: > I have the feeling that it is somehow wrong to give sudo that power. > For su I am still uncertain, but given that su does not authenticate > the > final user but only the super user I again wonder if that should give > any access to the kernel keyring. Maybe this is is an ignorant question, but wouldn't you want this for loading/unloading kernel modules via su -c / sudo? Thanks to the nature of iwl3945 and similar drivers, I have been known to execute commands like: $ sudo /sbin/modprobe -r iwl3945 $ sudo /sbin/modprobe iwl3945 I'd think that having proper access to the kernel keyring for ops like that would be ideal, if not necessary. I'm also concerned about when we start making sudo/su not act like the root user, with all rights and permissions, because really, that is the purpose of sudo / su, and one of the reasons that those commands require either root's credentials to use (su / sudo) and/or specific permission (sudoers). ~spot -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
