On Sun, Apr 17, 2005 at 03:46:35PM +0200, Lionel Elie Mamane wrote: > For one, it forces backup programs to run as root, instead of another > user ID member of "disk". This makes stepping up from a compromise of > the backup server to a full root compromise of the backuped machines > far easier, when using a partition-based network backup system.
Write access to the devices is mostly equivalent to root. Better use CAP_DAC_READ. Bastian -- Phasers locked on target, Captain.
signature.asc
Description: Digital signature
