From owner-freebsd-security Tue Apr 17 18:14:28 2001 Delivered-To: freebsd-security@freebsd.org Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39]) by hub.freebsd.org (Postfix) with ESMTP id A460F37B43E for ; Tue, 17 Apr 2001 18:14:25 -0700 (PDT) (envelope-from roelof@nisser.com) Received: from nisser.com (roelof [10.0.0.2]) by nisser.com (8.9.3/8.9.2) with ESMTP id DAA32903; Wed, 18 Apr 2001 03:14:13 +0200 (CEST) (envelope-from roelof@nisser.com) Message-ID: <3ADCEA65.53BF8E3@nisser.com> Date: Wed, 18 Apr 2001 03:14:13 +0200 From: Roelof Osinga Organization: Nisser - Nr. 1 in Veiligheid X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: anderson@centtech.com Cc: lloyd@li5.org, "freebsd-security@freebsd.org" Subject: Re: Add/Remove Users References: <200104171545.f3HFjKq76155@mail.wsufftrust.org.uk> <3ADC56CF.D3498E5@centtech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Eric Anderson wrote: > > You should check out the man page for sudo, since you can set the > NOPASSWD option to not ask for passwords.. To smooth things over a demo: #nobody ALL=(root) NOPASSWD: /usr/local/sbin/userdb, /bin/sh, \ # /usr/local/sbin/userdbpw, /usr/local/sbin/makeuserdb # WEBAPP may run VMAIL without password on NISSER hosts WEBAPP NISSER = NOPASSWD:VMAIL The former is explicit whereas the latter depends on having the various aliasses defined. Suffice to say that the VMAIL alias does not include /bin/sh, that was for testing purposes only. Roelof PS these were some intermediairy steps for a webapp that could change a virt.users virt.password, nobody being the user apache runs as. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message