From owner-freebsd-questions  Thu Apr 11 22:42:56 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from raiden.jasnetworks.net (raiden.jasnetworks.net [65.194.248.251])
	by hub.freebsd.org (Postfix) with ESMTP id 92E5237B400
	for <freebsd-questions@FreeBSD.ORG>; Thu, 11 Apr 2002 22:42:52 -0700 (PDT)
Received: from works (works.jasnetworks.net [192.168.0.2])
	by raiden.jasnetworks.net (8.11.6/8.11.6) with ESMTP id g3C5mu004955
	for <freebsd-questions@FreeBSD.ORG>; Fri, 12 Apr 2002 01:48:56 -0400 (EDT)
	(envelope-from raiden23@netzero.net)
Message-Id: <4.2.0.58.20020412014309.0095d460@pop.netzero.net>
X-Sender: raiden23@pop.netzero.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Fri, 12 Apr 2002 01:49:20 -0400
To: freebsd-questions@FreeBSD.ORG
From: Lord Raiden <raiden23@netzero.net>
Subject: Setting user execution rights
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

	Ok, I'm curious of something.  How do I set it so that a given user has 
permission to execute program X and Y and look at a few files or logs on a 
given server yet not to anything else?  I've got some servers I'm looking 
to lock down but to do so means that I have to login as root each time I 
need to do maintenance, and I hate being woke at 3am to bounce apache 
because there was a power glitch or something or Ldap bit the dust.  I want 
to set it so that certain users have rights to execute, kill, restart 
certain programs, and view certain files without giving them any privileges 
above and beyond that.  So for example user "joedoe" will be able to logon 
as "joedoe" and start/kill/restart apache and view the apache logs, but 
nothing else.  A task normally only available to root.  Joe Doe #2 would 
have rights to do the same with FTPD and view/edit/delete web content under 
"usr/local/www/data" and nothing more.

	It's been so long since I've had to do this that I've gone stupid.  Can 
someone refresh me on how to do this?  Thanks. 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message