Date: Fri, 02 Feb 2001 09:26:36 +0100 (CET) From: Micke Josefsson <mj@isy.liu.se> To: Christoph Sold <so@server.i-clue.de> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: About delegating account creation Message-ID: <XFMail.010202092636.mj@isy.liu.se> In-Reply-To: <3A79E224.51068730@i-clue.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01-Feb-01 Christoph Sold wrote: > > > Micke Josefsson schrieb: >> >> I am root on a server. And as such I can create new accounts. Now if am away >> can >> I delegate account creation to someone else without also giving him/her the >> means of creating havoc with the system? >> >> Would it be enough to include this person into, say, the wheel group? (as the >> pw >> an vipw command are owned by root:wheel). Can I do chmod 660 on >> /etc/master.passwd or is that a bad thing? >> >> How does one do this 'in real life'? > > How about /usr/ports/security/sudo? This way, you may delegate root > rights for a single command to any user or group. I'd delegate adduser > to somebody trusted. Anyhow, if you can use adduser, you can create > another root account for you, so why not trust her with a root password? > > HTH > -Christoph Sold Sudo looks promising. I'll look into that. It is not that I don't trust the person having the root password. I am certain he won't try anything malilcious.But IF he makes a typo or is in the wrong directory by pure unluck when doing something detrimental to the system the server might be f*d up. Thanks, Micke ---------------------------------- Michael Josefsson, MSEE mj@isy.liu.se This message was sent by XFMail running on FreeBSD 3.5-STABLE ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.010202092636.mj>