by Beltalowda 1329 days ago
Being able to write to /etc/ is effectively just granting full access, since there's lots of things in there that can run code.

Doing fine-grained access is really hard; even without "root" you still have things like, say, "archive_command" in postgresql.conf which will allow people to run arbitrary commands as the postgres user, and is that really what you want? There's lots of little things like that ranging from application configurations to crontabs to your init system.
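
A defender-side check for the postgresql.conf case mentioned in the comment above, added here as an illustration and not part of the original comment: it lists the active settings that the server runs as shell commands and reports who besides a trusted owner could edit the file. The function names, the `trusted_uids` parameter and the sample configuration are assumptions made for this example.

```python
import os
import re
import stat

# PostgreSQL settings whose value the server runs through a shell as its OS user.
COMMAND_SETTINGS = {"archive_command", "restore_command", "archive_cleanup_command",
                    "recovery_end_command", "ssl_passphrase_command"}
SETTING = re.compile(r"^([A-Za-z_][\w.]*)\s*=?\s*(.*)$")

# Constructed sample input, not taken from a real server.
SAMPLE_CONF = """\
max_connections = 100
archive_mode = on
archive_command = 'cp %p /mnt/archive/%f'   # copy finished WAL segment
#restore_command = 'cp /mnt/archive/%f %p'
"""

def parse_value(rest):
    """Unquote a setting value (simplified: handles '' escapes, not backslashes)."""
    quoted = re.match(r"'((?:[^']|'')*)'", rest)
    if quoted:
        return quoted.group(1).replace("''", "'")
    return rest.split("#", 1)[0].strip()

def command_settings(conf_text):
    """Return {name: command} for active (uncommented) command-running settings."""
    found = {}
    for line in conf_text.splitlines():
        m = SETTING.match(line.strip())
        if m and m.group(1).lower() in COMMAND_SETTINGS:
            found[m.group(1).lower()] = parse_value(m.group(2))
    return found

def loose_write_access(path, trusted_uids=(0,)):
    """List ways an account outside trusted_uids could change the file at path."""
    reasons = []
    # A writable parent directory lets the file be replaced, so check it too.
    for p in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(p)
        if st.st_uid not in trusted_uids:
            reasons.append(f"{p}: owned by uid {st.st_uid}")
        if st.st_mode & stat.S_IWGRP:
            reasons.append(f"{p}: group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append(f"{p}: world-writable")
    return reasons

if __name__ == "__main__":
    print(command_settings(SAMPLE_CONF))
```

Any path returned by `loose_write_access` for a file where `command_settings` is non-empty, or could be made non-empty by an edit, is a route to running commands as the database server's account.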