Date: Wed, 11 May 2005 10:01:33 -0700
From: David Bear
Reply-To: David.Bear@asu.edu
To: freebsd-questions@freebsd.org
Message-id: <20050511170133.GD10213@asu.edu>
Subject: best practices for administration

Since the BSD community seems to be more security conscious than other (read Windows system administrators) groups, I wanted to see if anyone here would have any pointers to best practices documents when administering ANY operating system, not just FreeBSD. I am assuming that many of you must manage other operating systems as well.

The nexus of my query lies in my attempt to have our central IT folks issue additional identities for users to have when administering the systems versus doing productivity work on them. I'd like to understand what is done generally when granting users permissions to do things on the operating system that imply 'administration', i.e. installing software, adding printers, modifying system scripts, etc.

There are some here who think that putting standard user IDs into administrative 'groups' is sufficient for granting such privileges.

Hopefully, I'm not being too obscure.

--
David Bear
phone: 480-965-8257
fax: 480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
"Beware the IP portfolio, everyone will be suspect of trespassing"