From owner-freebsd-questions Wed Aug 8 3: 7: 6 2001 Delivered-To: freebsd-questions@freebsd.org Received: from web13306.mail.yahoo.com (web13306.mail.yahoo.com [216.136.175.42]) by hub.freebsd.org (Postfix) with SMTP id 9FF5237B401 for ; Wed, 8 Aug 2001 03:07:02 -0700 (PDT) (envelope-from sumirati@yahoo.de) Message-ID: <20010808100702.25638.qmail@web13306.mail.yahoo.com> Received: from [193.174.9.99] by web13306.mail.yahoo.com; Wed, 08 Aug 2001 12:07:02 CEST Date: Wed, 8 Aug 2001 12:07:02 +0200 (CEST) From: =?iso-8859-1?q?m=20p?= Subject: Re: Sudo Was: Re: Solved: Was:Re: root/superuser account - big problem - please help To: chip.wiegand@simrad.com Cc: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG First, my apologies for top-posting, I am stuck with Lotus Notes and it sucks for an email client (here at work). I don't know if it handles inline replies properly. > I have heard of but not tried sudo. You mention that it allows the user to > do everything the root > can do, but without the password. Is this a good thing? I can't imagine > how. Why not just use the > root account? I wouldn't want to configure any group to do everything root > can do, considering > the other person who needs to be in that group. (He's only there in case I > leave this place, and is > clueless in anything other than NT.) > I just installed sudo since writing that last paragraph, so I'll be trying > it. > Regards, > Chip Hi, please take a look at /usr/local/etc/sudoers.sample This file gives you an excellent overview of the possibilities (and dangers) while configurating. You can add for your UID that you can type "sudo reboot" (or any other command) with or without YOUR password. So no one can type "sudo reboot" while you are not at your place and without knowing your password. The example would be like (assumed your UID is 'chip') chip ALL = REBOOT, SU you will need a password (if not add the following line) on all computers (which can be accessed via rsh/rlogin mechanism) the commands in the groups REBOOT and SU. Example with no passwd: chip ALL = NOPASSWD: REBOOT, SU For my original mail i assumed, that you trust! all users in the WHEEL-group - therefore you would not have to implement all kind of security. Hope that helps Marc __________________________________________________________________ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message