[Xorp-users] install problem
Ben Greear
greearb at candelatech.com
Mon Jul 27 09:25:56 PDT 2009
On 07/27/2009 08:59 AM, Bruce Simpson wrote:
> Ben Greear wrote:
>> Any reason to keep this requirement? If they have OS user permissions
>> to do routing
>> stuff, shouldn't they just be allowed to run?
>
> My best guess is that a group ID check was chosen, as this is the most
> portable means, between UNIX-like systems, of ensuring a user has
> appropriate privileges. Most systems will only allow root to manipulate
> the routing table, so the use of group xorp seems reasonable.
This only checks the client process, right?
If so, is there anything that would keep a user from running xorpsh on a separate machine (or VM)
and connecting to the main xorp processes remotely?
Thanks,
Ben
>
> thanks
> BMS
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Xorp-users
mailing list