From: Oliver Fromme
To: freebsd-current@FreeBSD.ORG, Emanuel.strobl@gmx.net
Date: Wed, 28 Sep 2005 15:28:00 +0200 (CEST)
Subject: Re: user changable brightness?
Message-Id: <200509281328.j8SDS0eD049723@lurza.secnetix.de>
In-Reply-To: <200509281436.25131@harrymail>
List-Id: Discussions about the use of FreeBSD-current

Emanuel Strobl wrote:
> Oliver Fromme wrote:
> > [...]
> > How about using "sudo" or "super" (from ports collection)?
>
> Hmm, I never used these but I guess you have to enter the SuperUser
> password.

No, not necessarily.
You can configure it in a way so that a script can be executed by
specific users (or groups) under controlled conditions with root
privileges.

If you've never used "sudo" or "super" before, I suggest you just give
it a try and install /usr/ports/security/super. (Personally I prefer
"super", because its configuration is m.)

Here's a simple real-world configuration example:

    /srv/apache/cgi-bin/cvsweb  /srv/apache/cgi-bin/cvsweb \
            apache@example.de nargs=0 uid=cvs gid= \
            env=PATH_INFO,QUERY_STRING,SCRIPT_NAME

This enables the "apache" user to run the cvsweb CGI as the "cvs" user
on the host example.de (with no arguments, and only passing the
environment variables given). No password is required to be entered,
obviously.

Best regards
   Oliver

PS: In my opinion, there is no reason to implement ACLs, permission
modes or similar things for the sysctl MIB. That would add significant
complexity for no real benefit, because there are already tools like
sudo or super which can be used with great flexibility.

For example, look at the existing sysctl vfs.usermount. When set to 1,
it allows ordinary users to mount devices (provided they have access to
the device and own the mount point).

But: What if you want to enable users in group A to mount floppies and
CDs, while allowing users in group B to mount USB memory sticks, but
only read-only? What if you want to force them to mount things only in
their home, but not in /tmp or anywhere else? What if you want to
enable mounts only for those users who are logged on the console? What
if you want to restrict by date or time? What if you want any user
mount to be logged via syslog?

All of that is really trivial to do with "super" (each is a one-liner
in the configuration).

-- 
Oliver Fromme, secnetix GmbH & Co.
KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd

Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead."
        -- RFC 1925
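
The policy questions raised in the PS (one group for floppies and CDs, another for USB sticks read-only, mounts only below the home directory, every request logged via syslog) can also be enforced in a small root-run wrapper that a sudo or super rule invokes. The following is an added example, not part of the original message: the group names mnt_removable and mnt_usb, the function names and the argument order are assumptions, and a real wrapper would pass the printed options on to mount(8).

```sh
#!/bin/sh
# Added example, not from the original message. Assumed names: groups
# "mnt_removable" and "mnt_usb", FreeBSD device names (cd*, fd*, da*).

# decide_mount "GROUPS" DEVICE MOUNTPOINT HOME
# Prints the mount options and returns 0 if allowed, returns 1 if denied.
# Paths are checked as strings: resolve symlinks (realpath) before calling.
decide_mount() {
    grps=" $1 "; dev=$2; mnt=$3; home=$4

    # Device must be /dev/<name> with a conservative character set.
    case "$dev" in /dev/*) name=${dev#/dev/} ;; *) return 1 ;; esac
    case "$name" in ""|*[!a-z0-9]*) return 1 ;; esac

    # Mount point must lie strictly below the caller's home directory,
    # with no "..", "." or empty path components.
    case "$home" in /?*) ;; *) return 1 ;; esac
    case "$mnt" in "$home"/*) ;; *) return 1 ;; esac
    case "$mnt/" in */../*|*/./*|*//*) return 1 ;; esac

    # Device class selects the required group and the forced options.
    # nosuid: set-uid files on removable media must not take effect.
    case "$name" in
        cd[0-9]*|fd[0-9]*) need=mnt_removable; opts=rw,nosuid ;;
        da[0-9]*)          need=mnt_usb;       opts=ro,nosuid ;;
        *) return 1 ;;
    esac
    case "$grps" in *" $need "*) ;; *) return 1 ;; esac
    printf '%s\n' "$opts"
}

# authorize USER "GROUPS" DEVICE MOUNTPOINT HOME
# Logs every decision via syslog; unsafe characters are replaced first so
# a crafted path cannot forge log lines.
authorize() {
    req=$(printf '%s' "user=$1 dev=$3 mnt=$4" | tr -c 'A-Za-z0-9/._= -' '?')
    if opts=$(decide_mount "$2" "$3" "$4" "$5"); then
        logger -p auth.notice -t usermount "ALLOW $req opts=$opts"
        printf '%s\n' "$opts"
    else
        logger -p auth.warning -t usermount "DENY $req"
        return 1
    fi
}
```

The wrapper would obtain GROUPS from `id -Gn` for the calling user and fail closed on any denial, so the sudo or super rule itself only needs to name the wrapper.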