Date: Sat, 28 Apr 2012 13:12:25 -0500 From: Stephen Montgomery-Smith <stephen@missouri.edu> To: Zenny <garbytrash@gmail.com> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: Restricting users from certain privileges Message-ID: <4F9C3309.60704@missouri.edu> In-Reply-To: <CACuV5sCHmnUnXTTY%2BkGqszi-Ynu8Vr3bf%2BLALf=yQbhHPXSdXA@mail.gmail.com> References: <CACuV5sCyCgn8aBawTEP=BT%2B%2B4Ut4kPt8fXSq%2BgcS2YrkZaU%2BJw@mail.gmail.com> <E1SO2ER-000K66-8k@kabab.cs.huji.ac.il> <CACuV5sCHmnUnXTTY%2BkGqszi-Ynu8Vr3bf%2BLALf=yQbhHPXSdXA@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
On 04/28/2012 02:50 AM, Zenny wrote: > On Sat, Apr 28, 2012 at 9:38 AM, Daniel Braniss<danny@cs.huji.ac.il> wrote: > >>> Hi: >>> >>> I could not figure out how to restrict users or other users from certain >>> privileges to execute certain commands in FreeBSD/NanoBSD? >>> >>> What I meant is I want to create a NanoBSD image in which there will be >> an >>> additional user, say 'admin'. I need to give this new user (admin) some >>> privileges to run some root-can-only-execute commands, but not all (ACL >>> similar to the firmwares in adsl modems from ISPs). >>> >>> I read Dru Lavingne's 'BSD Hacks' and Joseph Kong's 'Designing BSD >>> Rootkits' besides FreeBSD handbook, but I simply could not figure out. >>> Could anyone throw some light on this? Appreciate it! >>> >>> Thanks! >>> >>> /zenny >> >> try sudo from ports, security/sudo >> >> cheers, >> danny >> >> > Thanks Daniel, but sudo gives all (not selective) root privileges to the > user (admin in my case). So this is not what I am trying to achieve in my > original post. Try the security/super port. It is easy to create very fine grained privileges to selected users. (I am not saying that sudo cannot do this, but with super it is very easy.)home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F9C3309.60704>