From owner-freebsd-questions  Fri Feb  2  0:27: 1 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from isy.liu.se (isy.liu.se [130.236.48.10])
	by hub.freebsd.org (Postfix) with ESMTP id 5620A37B491
	for <freebsd-questions@FreeBSD.ORG>; Fri,  2 Feb 2001 00:26:43 -0800 (PST)
Received: from lagrange.isy.liu.se (lagrange.isy.liu.se [130.236.49.127])
	by isy.liu.se (8.10.0/8.10.0) with ESMTP id f128Qbh23645;
	Fri, 2 Feb 2001 09:26:37 +0100 (MET)
Message-ID: <XFMail.010202092636.mj@isy.liu.se>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <3A79E224.51068730@i-clue.de>
Date: Fri, 02 Feb 2001 09:26:36 +0100 (CET)
From: Micke Josefsson <mj@isy.liu.se>
To: Christoph Sold <so@server.i-clue.de>
Subject: Re: About delegating account creation
Cc: freebsd-questions@FreeBSD.ORG
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 01-Feb-01 Christoph Sold wrote:
> 
> 
> Micke Josefsson schrieb:
>> 
>> I am root on a server. And as such I can create new accounts. Now if am away
>> can
>> I delegate account creation to someone else without also giving him/her the
>> means of creating havoc with the system?
>> 
>> Would it be enough to include this person into, say, the wheel group? (as the
>> pw
>> an vipw command are owned by root:wheel). Can I do chmod 660 on
>> /etc/master.passwd or is that a bad thing?
>> 
>> How does one do this 'in real life'?
> 
> How about /usr/ports/security/sudo? This way, you may delegate root
> rights for a single command to any user or group. I'd delegate adduser
> to somebody trusted. Anyhow, if you can use adduser, you can create
> another root account for you, so why not trust her with a root password?
> 
> HTH
> -Christoph Sold

Sudo looks promising. I'll look into that. It is not that I don't trust the
person having the root password. I am certain he won't try anything
malilcious.But IF he makes a typo or is in the wrong directory by pure unluck
when doing something detrimental to the system the server might be f*d up. 

Thanks,
Micke


----------------------------------
Michael Josefsson, MSEE
mj@isy.liu.se

This message was sent by XFMail
running on FreeBSD 3.5-STABLE
----------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message