usermod as non-root user
Posted Dec 11, 2008 3:18 UTC (Thu) by pr1268 (subscriber, #24648)
I was wondering the same... I believe that the second paragraph answers this—Callum Lerwick was running it (presumably without any arguments) to get a quick reference on how to use it. Which I do occasionally for unfamiliar shell commands when I don't want to wade through a man page (or if a man page doesn't exist).
Posted Dec 11, 2008 3:45 UTC (Thu) by wtogami (subscriber, #32325)
Presumably if the goal is only to learn how to use it, you could read the man page instead, which by certification requirements must be documented and complete or it is a bug that should be filed and fixed.
Posted Dec 11, 2008 6:42 UTC (Thu) by dlang (subscriber, #313)
_many_ *nix tools can be used by both privileged and non-privileged users. the non-privileged users can do the read functionality of the command, but write commands will fail.
Posted Dec 11, 2008 13:13 UTC (Thu) by epa (subscriber, #39769)
Posted Dec 11, 2008 15:59 UTC (Thu) by felixfix (subscriber, #242)
It's easier to ban dangerous products than ignorant people
Posted Dec 11, 2008 19:57 UTC (Thu) by pr1268 (subscriber, #24648)
Ban the tool when the tool itself is harmless, rather than the subset of its actions which are the real evil.
It's always easier (and more politically "correct") to ban dangerous products/tools rather than ignorant and/or unintelligent people. Notice that I don't mention evil/malicious people, as we (supposedly) have a law enforcement and criminal justice infrastructure to deal with them.
While there's some cynicism in my comment, I generally agree with you—There's a lot of regulatory compliance (e.g., the OSHA labels) forced upon consumer products—some might argue too much—because the consumer public simply has too much to think about at any given moment to fully understand the consequences of (mis-)using things. Like a simple usermod(8) shell command.
Posted Dec 11, 2008 16:24 UTC (Thu) by zuki (subscriber, #41808)
Running rpm -i as a normal user checks the dependencies and then either bails out or fails because it cannot lock the database. So when installing an rpm, you can download it, test for deps, download them, test, ..., and then do sudo rpm -i ... when ready.
Removing this rpm functionality would be a much bigger PITA.
Posted Dec 11, 2008 17:37 UTC (Thu) by wtogami (subscriber, #32325)
Posted Dec 12, 2008 9:30 UTC (Fri) by zuki (subscriber, #41808)
Posted Dec 11, 2008 18:10 UTC (Thu) by iabervon (subscriber, #722)
Say you're trying to add yourself to a group for managing a new piece of software. How do you make sure you don't remove yourself from "wheel" accidentally, leaving yourself unable to apply critical security patches in a timely fashion? In order to be safe, you should be able to run the command in a "pretend" mode that will report the actions it would take without actually taking them (it doesn't seem to have it, so the rest of this is kind of theoretical). But if you're worried about making a mistake in running the command, you should be worried about making a mistake invoking "pretend" mode; to be safe, you should run it without the capabilities to cause actual changes, verify that the effects are what you want, and then acquire the capabilities to do it for real and run the same command.
As a policy, prohibiting attempting operations without appropriate permissions just increases the chance of security breaches due to administrator error.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds