- Update mastersite.
- Update pkg-descr. PR: ports/100715 Submitted by: Babak Farrokhi <babak@farrokhi.net> (maintainer)
This commit is contained in:
parent
1fa810ee38
commit
c49ad1acca
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=168614
2 changed files with 6 additions and 36 deletions
|
@ -9,7 +9,8 @@
|
|||
PORTNAME= super
|
||||
PORTVERSION= 3.26.1
|
||||
CATEGORIES= security sysutils
|
||||
MASTER_SITES= ftp://ftp.ucolick.org/pub/users/will/
|
||||
MASTER_SITES= ftp://ftp.ucolick.org/pub/users/will/ \
|
||||
http://www.ucolick.org/~will/RUE/super/
|
||||
EXTRACT_SUFX= -tar.gz
|
||||
|
||||
MAINTAINER= babak@farrokhi.net
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
Super is a setuid-root program that offers
|
||||
Super is a setuid-root program that offers:
|
||||
|
||||
o restricted setuid-root access to executables, adjustable
|
||||
on a per-program and per-user basis;
|
||||
|
@ -7,30 +7,8 @@ Super is a setuid-root program that offers
|
|||
scripts can be run as root (or some other uid/gid), without
|
||||
unduly compromising security.
|
||||
|
||||
Sample uses:
|
||||
- to call a script that allows users to use mount(8) on
|
||||
cdrom's or floppy disks, but not other devices.
|
||||
The design philosophy behind super is two-fold:
|
||||
|
||||
- to restrict which users, on which hosts, may execute a
|
||||
setuid-root program.
|
||||
|
||||
- to allow groups of trusted users (e.g. an "operator" group) complete
|
||||
root access to sets of selected commands such as, say, line-printer
|
||||
control commands, without giving away access to other commands,
|
||||
and with full logging of all commands used.
|
||||
|
||||
|
||||
Super and sudo
|
||||
--------------
|
||||
Sudo --
|
||||
Sudo allows a permitted user to execute a command as the superuser.
|
||||
Its central design philosophy is that each user can be
|
||||
trusted when executing certain commands. This is implemented
|
||||
by allowing each user to execute the restricted commands for
|
||||
which s/he is trusted, without giving access to other restricted commands.
|
||||
|
||||
Super --
|
||||
The design philosophy behind super is two-fold:
|
||||
(a) some users can be trusted when executing certain commands;
|
||||
(b) there are some commands, such as a script to mount CDROM's,
|
||||
which you'd like to be safely executable even by users who
|
||||
|
@ -39,14 +17,5 @@ Super --
|
|||
can be hard to break, and super provides that wrapper so that
|
||||
even a non-trusted user can use the scripts.
|
||||
|
||||
In the author's view, the main differences to the administrator are:
|
||||
|
||||
(1) the files that specify valid user/command combinations have
|
||||
a different look and feel.
|
||||
|
||||
(2) super provides a safe wrapper for scripts, so that a
|
||||
well-written script can be run safely by ordinary
|
||||
users without having to actually trust them.
|
||||
|
||||
|
||||
-- David (obrien@FreeBSD.org)
|
||||
WWW: http://www.ucolick.org/~will/#super
|
||||
AUTHOR: Will Deich <will@ucolick.org>
|
||||
|
|
Loading…
Reference in a new issue