Date: Wed, 29 Jan 2014 22:41:19 +0100 From: =?UTF-8?B?xYF1a2FzeiBXxIVzaWtvd3NraQ==?= <lukasz@wasikowski.net> To: Aryeh Friedman <aryeh.friedman@gmail.com>, Michael Dexter <editor@callfortesting.org> Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org> Subject: Re: best way to add www to wheel Message-ID: <52E9757F.4050506@wasikowski.net> In-Reply-To: <CAGBxaX=-bh22QfT5ww-Z%2BQ7rkisjiG60H%2BBu64Oh50uQ1DqNTQ@mail.gmail.com> References: <CAGBxaX=ks3kAfDT6rvzgJcDj8Bs7DPvSRcjJWMoa%2BF9U1qx7tw@mail.gmail.com> <52E9713F.9040508@callfortesting.org> <CAGBxaX=-bh22QfT5ww-Z%2BQ7rkisjiG60H%2BBu64Oh50uQ1DqNTQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
W dniu 2014-01-29 22:26, Aryeh Friedman pisze: > Cross post on purpose because people on -virtualization@ are likely more > familur with bhyve and it's requirements as well knowing what petitecloud > is and what it needs to do (the whole issue is without adding www to wheel > start/stop do not work from the webui) Use security/sudo, maybe with config similar to this this: Cmnd_Alias PETITECLOUD = /usr/sbin/service petitecloud stop, /usr/sbin/service petitecloud start, /usr/sbin/service petitecloud restart www ALL=(ALL) NOPASSWD: PETITECLOUD This way user www can run sudo /usr/sbin/service petitecloud (stop|start|restart) as root (and only those exact commands with those exact parameters). It's a "little" bit safer than your approach which is huge security hole. -- best regards, Lukasz Wasikowski
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52E9757F.4050506>