From owner-freebsd-questions Thu Jul 18 8:10:28 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B567A37B400 for ; Thu, 18 Jul 2002 08:10:22 -0700 (PDT) Received: from mail6.nc.rr.com (fe6.southeast.rr.com [24.93.67.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 17E6643E64 for ; Thu, 18 Jul 2002 08:10:22 -0700 (PDT) (envelope-from bts@fake.com) Received: from this.is.fake.com ([66.26.254.93]) by mail6.nc.rr.com with Microsoft SMTPSVC(5.5.1877.757.75); Thu, 18 Jul 2002 11:10:21 -0400 Received: by this.is.fake.com (Postfix, from userid 111) id 8FFF8BB2C; Thu, 18 Jul 2002 11:10:10 -0400 (EDT) Content-Type: text/plain; charset="iso-8859-1" From: Brian T.Schellenberger To: Tom Limoncelli , freebsd-questions@FreeBSD.ORG Subject: Re: su to root Date: Thu, 18 Jul 2002 11:10:10 -0400 X-Mailer: KMail [version 1.3] References: <3D386AED1B47D411A94300508B11F18703BC5BBE@fmsmsx116.fm.intel.com> <3D35BFB9.FFEAFF17@lumeta.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <20020718151010.8FFF8BB2C@this.is.fake.com> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thursday 18 July 2002 11:06 am, Brian T. Schellenberger wrote: | IMHO, "op" is far superior to "sudo." Hmm . . . come to think of it, that's a little terse. "op" is easy to configure, and it allows you give access to people not to certain commands but to certain commands *only* with certain parameters. It has lots flexibility in specifying which commands and which groups of people and so forth. Also whether to prompt for passwords or not with equal flexibility. It's also less syntactically painful when the user uses it. In spite of all this, the access-control file is quite simple to work with. | | On Wednesday 17 July 2002 03:04 pm, Tom Limoncelli wrote: | | "Balaji, Pavan" wrote: | | > I wonder what exactly this means. I don't remember seeing any option | | > for creating/not-creating the wheel group while installation. | | | | It means "Install 'sudo' so that you get tighter control over who can do | | what, and much better logging." | | | | :-) | | | | I've known about sudo for ages but only started using it. After learning | | the configuration syntax, I've found it a great little utility. There | | are now many cases where I used to hand out root access but now I only | | have to give sudo access to a particular command. (Disclaimer: you | | shouldn't give sudo access to any command that you haven't personally | | audited or you may be giving the person full root access without knowing | | it.) | | | | --tal -- Brian, the man from Babble-On . . . . bts@babbleon.org (personal) http://www.babbleon.org http://www.eff.org http://www.programming-freedom.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message