Date:      Sat, 28 Apr 2012 13:12:25 -0500
From:      Stephen Montgomery-Smith <stephen@missouri.edu>
To:        Zenny <garbytrash@gmail.com>
Cc:        "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject:   Re: Restricting users from certain privileges
Message-ID:  <4F9C3309.60704@missouri.edu>
In-Reply-To: <CACuV5sCHmnUnXTTY%2BkGqszi-Ynu8Vr3bf%2BLALf=yQbhHPXSdXA@mail.gmail.com>
References:  <CACuV5sCyCgn8aBawTEP=BT%2B%2B4Ut4kPt8fXSq%2BgcS2YrkZaU%2BJw@mail.gmail.com> <E1SO2ER-000K66-8k@kabab.cs.huji.ac.il> <CACuV5sCHmnUnXTTY%2BkGqszi-Ynu8Vr3bf%2BLALf=yQbhHPXSdXA@mail.gmail.com>

On 04/28/2012 02:50 AM, Zenny wrote:
> On Sat, Apr 28, 2012 at 9:38 AM, Daniel Braniss <danny@cs.huji.ac.il> wrote:
>
>>> Hi:
>>>
>>> I could not figure out how to restrict users or other users from certain
>>> privileges to execute certain commands in FreeBSD/NanoBSD?
>>>
>>> What I meant is I want to create a NanoBSD image in which there will be an
>>> additional user, say 'admin'. I need to give this new user (admin) some
>>> privileges to run some root-can-only-execute commands, but not all (ACL
>>> similar to the firmwares in adsl modems from ISPs).
>>>
>>> I read Dru Lavigne's 'BSD Hacks' and Joseph Kong's 'Designing BSD
>>> Rootkits' besides FreeBSD handbook, but I simply could not figure out.
>>> Could anyone throw some light on this? Appreciate it!
>>>
>>> Thanks!
>>>
>>> /zenny
>>
>> try sudo from ports, security/sudo
>>
>> cheers,
>>         danny
>>
>>
> Thanks Daniel, but sudo gives all (not selective) root privileges to the
> user (admin in my case). So this is not what I am trying to achieve in my
> original post.

Try the security/super port.  It is easy to create very fine grained 
privileges to selected users.  (I am not saying that sudo cannot do 
this, but with super it is very easy.)
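
An added example, not part of the original thread: a sudoers fragment for the security/sudo port that grants the 'admin' account from the question only named commands, with the grant-everything rule shown commented out for contrast. The alias names and the command list are assumptions chosen for illustration; the security/super port suggested above has its own configuration format, which is not shown here.

```sudoers
# Constructed example for /usr/local/etc/sudoers (always edit with visudo,
# which syntax-checks the file before installing it).
# 'admin' is the account named in the thread; everything else is assumed.

# Broad rule: any command as any user. This is the "all, not selective" case.
# admin ALL = (ALL) ALL

# Selective rules. Commands must be given as absolute paths.
# - A path with no arguments allows any arguments to that command.
# - A path followed by arguments allows only that exact argument list.
Cmnd_Alias ADMIN_NET = /sbin/ifconfig, /sbin/route, \
                       /usr/sbin/service netif restart
Cmnd_Alias ADMIN_PWR = /sbin/shutdown -r now, /sbin/shutdown -p now

# admin may run only the aliased commands, and only as root.
admin ALL = (root) ADMIN_NET, ADMIN_PWR

# Keep editors, pagers, interpreters and shells out of these lists:
# any program that can start a shell or write arbitrary files turns a
# selective rule back into full root access.
```

Running `sudo -l -U admin` as root lists what the account is allowed to run. When several rules match a command, the last matching entry in the file takes effect, so keep broad rules from following the selective ones.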
