From owner-freebsd-hackers  Wed Dec  6 20:59:32 2000
From owner-freebsd-hackers@FreeBSD.ORG  Wed Dec  6 20:59:30 2000
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from firefly.prairienet.org (firefly.prairienet.org [192.17.3.3])
	by hub.freebsd.org (Postfix) with ESMTP id CDF2737B401
	for <hackers@FreeBSD.ORG>; Wed,  6 Dec 2000 20:59:29 -0800 (PST)
Received: from sherman.spotnet.org (slip-88.prairienet.org [192.17.3.108])
	by firefly.prairienet.org (8.9.3/8.9.3) with ESMTP id WAA19568;
	Wed, 6 Dec 2000 22:59:26 -0600 (CST)
Date: Wed, 6 Dec 2000 22:59:24 -0600 (CST)
From: David Talkington <dtalk@prairienet.org>
X-Sender: dtalk@sherman.spotnet.org
To: Roop Nanuwa <roop@gw.carpoolbc.com>
Cc: Michael Chong <MichaelC@fool.com>,
	"'hackers@FreeBSD.ORG'" <hackers@FreeBSD.ORG>
Subject: Re: your mail
In-Reply-To: <Pine.BSF.4.21.0012061845090.3711-100000@gw.carpoolbc.com>
Message-ID: <Pine.LNX.4.21.0012062249340.1353-100000@sherman.spotnet.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>
>I think what you're looking for is something similar (or exactly
>like) 'sudo'..

sudo definitely helps if it's carefully administered, but it still
grants root access to a file, which may not really be what you want.
As a Unix advocate in general, I'm looking forward to seeing how well
Sun does this.  ACLs are one of the things that NTFS does well, and
Unix traditionally doesn't really provide for.  In an environment like
ours, where we have a plethora of community members and volunteers
doing various things on our Solaris system, you quickly discover the
limits of sudo's ability to dispense privileges surgically without
creating security holes.

You can do a lot with carefully configured groups, but as the number
of users increases and the system activities become more disparate,
this gets complicated...

My $.02 -d

>On Wed, 6 Dec 2000, Michael Chong wrote:
>
>> I have a question about FreeBSD...is it possible to set acl's on commands?
>> (eg..giving one specific user the abiltity to execute a command w/o putting
>> them in a group)  I'm talking about something like this:
>> http://www.sunworld.com/swol-06-1998/swol-06-insidesolaris.html.  Can we do
>> something like this with FreeBSD?
>> 
>> 
>> 
>> 
>> 
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-hackers" in the body of the message
>> 
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-hackers" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message