From owner-freebsd-stable@FreeBSD.ORG Sat Apr 28 10:21:20 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 156D6106566B for ; Sat, 28 Apr 2012 10:21:20 +0000 (UTC) (envelope-from lars@e-new.0x20.net) Received: from mail.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3]) by mx1.freebsd.org (Postfix) with ESMTP id 8004B8FC0A for ; Sat, 28 Apr 2012 10:21:19 +0000 (UTC) Received: from mail.0x20.net (mail.0x20.net [217.69.76.211]) by mail.0x20.net (Postfix) with ESMTP id 27BBD6A6017; Sat, 28 Apr 2012 12:21:18 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.0x20.net Received: from mail.0x20.net ([217.69.76.211]) by mail.0x20.net (mail.0x20.net [217.69.76.211]) (amavisd-new, port 10024) with ESMTP id IzeSROCreEos; Sat, 28 Apr 2012 12:21:17 +0200 (CEST) Received: from e-new.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.0x20.net (Postfix) with ESMTPS id CDD076A6014; Sat, 28 Apr 2012 12:21:17 +0200 (CEST) Received: from e-new.0x20.net (localhost [127.0.0.1]) by e-new.0x20.net (8.14.4/8.14.4) with ESMTP id q3SALH5f003373; Sat, 28 Apr 2012 12:21:17 +0200 (CEST) (envelope-from lars@e-new.0x20.net) Received: (from lars@localhost) by e-new.0x20.net (8.14.4/8.14.4/Submit) id q3SALHSc002344; Sat, 28 Apr 2012 12:21:17 +0200 (CEST) (envelope-from lars) Date: Sat, 28 Apr 2012 12:21:17 +0200 From: Lars Engels To: "Patrick M. Hausen" Message-ID: <20120428102117.GX37811@e-new.0x20.net> References: <4F9BBABA.6040708@rdtc.ru> <0F37A1B9-993B-4A4E-9FCC-8B19AADCFB72@punkt.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="W0/HzBmgDFoB92Bf" Content-Disposition: inline In-Reply-To: <0F37A1B9-993B-4A4E-9FCC-8B19AADCFB72@punkt.de> X-Editor: VIM - Vi IMproved 7.3 X-Operation-System: FreeBSD 8.2-RELEASE-p3 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Zenny , "freebsd-stable@freebsd.org" , Eugene Grosbein Subject: Re: Restricting users from certain privileges X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 10:21:20 -0000 --W0/HzBmgDFoB92Bf Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Apr 28, 2012 at 11:47:07AM +0200, Patrick M. Hausen wrote: > Hi, all, >=20 > Am 28.04.2012 um 11:39 schrieb Eugene Grosbein: >=20 > > 28.04.2012 14:50, Zenny ??????????: > >=20 > >>> try sudo from ports, security/sudo > >>>=20 > >>> cheers, > >>> danny > >>>=20 > >>>=20 > >> Thanks Daniel, but sudo gives all (not selective) root privileges to t= he > >> user (admin in my case). So this is not what I am trying to achieve in= my > >> original post. > >=20 > > Please do study sudo real power :-) > > It can give selective privileges per-command, > > an d it can also allow one to run some command with some arguments only > > and not with others. Or, without any arguments only - as you tune > > its sudoers configuration file. >=20 >=20 > Just make sure none of the permitted commands has got the > feature of starting a shell ;-)) Right, think of vi(1), less(1), et al. --W0/HzBmgDFoB92Bf Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAk+bxJ0ACgkQKc512sD3afgVeACgmequsCJhr1A9xPD+S+iLU7sU Ll0AniSKZ+b5QDQ79p0KUlkWPoKV94g5 =e4YX -----END PGP SIGNATURE----- --W0/HzBmgDFoB92Bf--