Message-ID: <00cf01c162d6$8ada24c0$0a00000a@atkielski.com>
From: "Anthony Atkielski"
To: "FreeBSD Questions"
References: <00ce01c162d1$054242c0$1401a8c0@tedm.placo.com>
Subject: Re: Tiny starter configuration for FreeBSD
Date: Thu, 1 Nov 2001 14:10:05 +0100

Ted writes:

> Webmin contains its own security mechanism that is
> much more fine grained than the UNIX system permission.

Is this a CLI application, or does it need to run under X?

My policy in the past on systems with UNIX-like security (or rather lack thereof) has been to set up specific commands for each task that must be carried out as root. Authorized persons can then execute these commands (each of which has its own checks for authorization, or references some common file for such information) to do only what they are supposed to be able to do. Most other people reach this same conclusion independently, and it seems that it is routine on UNIX systems to do things this way. It works well, although it requires a lot of coding and administration for the handful of people who really are authorized to be root.
It also has to be audited carefully, so that no command permits doing more than it should, and no Trojan horses slip into the system. For timesharing systems contemporary with UNIX, this sort of arrangement is more the rule than the exception, in fact.
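
Added example, not part of the original message and not Webmin's code: the per-task command arrangement described above, with each task bound to one fixed command and a common file listing who may run it. The file format, task names, user names and command paths are constructed assumptions, and the caller's identity is assumed to be established (for example from the real uid) before `authorize` is called.

```python
import os

# Constructed sample of the "common file": task : fixed command : authorized users
SAMPLE_POLICY = """\
# task          : command                            : users
restart-httpd   : /usr/local/sbin/apachectl restart  : alice,bob
rotate-logs     : /usr/sbin/newsyslog                : alice
"""

def parse_policy(text):
    """Parse the policy text into {task: (argv, users)}; reject anything ambiguous."""
    policy = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 'task : command : users'")
        task, command, users = fields
        argv = command.split()
        if not argv or not argv[0].startswith("/"):
            raise ValueError(f"line {n}: command must be an absolute path")
        if task in policy:
            raise ValueError(f"line {n}: duplicate task {task!r}")
        policy[task] = (argv, frozenset(u.strip() for u in users.split(",") if u.strip()))
    return policy

def authorize(policy, user, task, extra_args=()):
    """Return the exact argv to execute, or raise PermissionError."""
    if task not in policy:
        raise PermissionError(f"{user}: unknown task {task!r}")
    argv, users = policy[task]
    if user not in users:
        raise PermissionError(f"{user}: not authorized for {task!r}")
    if extra_args:
        # Caller-supplied arguments are how a task ends up doing more than intended.
        raise PermissionError(f"{user}: {task!r} takes no arguments")
    return list(argv)

def run_task(policy, user, task, extra_args=()):
    """Check authorization, then replace this process with the fixed command."""
    argv = authorize(policy, user, task, extra_args)
    # Minimal environment: nothing inherited from the caller (PATH, LD_*, IFS, ...).
    os.execve(argv[0], argv, {"PATH": "/sbin:/bin:/usr/sbin:/usr/bin"})

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    print(authorize(policy, "alice", "rotate-logs"))
```

Auditing such a setup then comes down to reviewing one policy file and one small checker rather than every command separately.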