[01:28] so if a routine shell script needs to run as root, is it better to have setuid wrapper that calls it or just a simple sudo definition [01:37] Define "routine" [01:38] If we're talking "routine" as in run from cron, just run the script from root's crontab [01:39] If it's an admin script, then sudo [01:41] Note that a setuid wrapper adds needless complication, and could be abused (if someone replaced the target script with their own, for instance) [01:47] yeah, it's not periodic enough to warrant cron [01:47] but "lesser" admins need access to it. sudo seems easiest/safest and it's what i've been doing lately. [01:47] long ago, i used C wrapper binaries [02:36] setuid binaries have fallen out of fashion [02:36] but most people seem to end up opening sudo too much [02:36] convenience over security [02:37] i don't really see how open sudo is more secure than logging in as root myself [03:46] hint - in sudo, don't restrict people to "vi" :) [03:47] or "less" [03:47] former $client did that... nice backdoor [03:47] That's what she said!! [07:42] *** booly-yam-1617 has joined #arpnetworks [07:50] *** booly-yam-1617 has quit IRC (Remote host closed the connection) [09:57] lol [09:57] good one BryceBot [10:24] yeah, never been a big fan of the sudo regex [10:24] i think it makes it too easy to make a mistake [11:13] *** dj_goku has quit IRC (Ping timeout: 255 seconds) [11:43] *** dj_goku has joined #arpnetworks [14:35] *** ix33 has quit IRC (Quit: WeeChat 0.4.1) [15:50] *** dj_goku has quit IRC (Ping timeout: 240 seconds) [16:05] *** dj_goku has joined #arpnetworks [16:05] *** dj_goku has quit IRC (Changing host) [16:05] *** dj_goku has joined #arpnetworks [16:45] *** mdu59_ has quit IRC (Quit: leaving) [21:16] *** zeshoem has joined #arpnetworks [23:50] *** jlgaddis has quit IRC (Ping timeout: 252 seconds)