Date: Tue, 20 Jul 1999 23:35:59 +0600 (ESS) From: Ilia Chipitsine <ilia@cgilh.chel.su> To: Vincent Poy <vince@venus.GAIANET.NET> Cc: "T. William Wells" <bill@twwells.com>, freebsd-questions@FreeBSD.ORG Subject: Re: how to watch the root user? Message-ID: <Pine.BSF.4.05.9907202332510.361-100000@localhost.cgu.chel.su> In-Reply-To: <Pine.BSF.4.05.9907191404520.331-100000@venus.GAIANET.NET>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 19 Jul 1999, Vincent Poy wrote: > On Mon, 19 Jul 1999, Ilia Chipitsine wrote: > > > look at the sudo program, it's in the ports collection. > > it has a configuration, which describes which user is allowed > > to do tasks as a root. > > > > but, once you gave somebody all the root's rights, it's not possible to > > watch what he/she did. > > > > do not allow 'sudo' for > > > > 1. cp > > 2. rm > > 3. dd > > 4. passwd > > 5. ? > > > > it's not safe at all. > > I think we need sudo for just finger, adduser, rmuser, passwd. oh, boy .... passwd ?! they will change root password :-( at least make sure you have NO secure tty in /etc/ttys. xdm by default is secure, which means that if you have it ON, anybody will login as root from remote machines ($ X -query <machine-of-those-idiots> ) > The thing is that I can write a shell script to do all the functions and > have that as a default shell but how do I call up sudo into the script. > > > Cheers, > Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ > Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] > GaiaNet Corporation - M & C Estate / / / / | / | __] ] > Beverly Hills, California USA 90210 / / / / / |/ / | __] ] > HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____] > > > > On Sun, 18 Jul 1999, Vincent Poy wrote: > > > > > Speaking about root or limited root, does anyone happen to know > > > how to give like a account with limited root priviliges such as add/delete > > > users and changing a users password via a shell that calls up a shell > > > script but without full access as root. > > > > > > > > > Cheers, > > > Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ > > > Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] > > > GaiaNet Corporation - M & C Estate / / / / | / | __] ] > > > Beverly Hills, California USA 90210 / / / / / |/ / | __] ] > > > HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____] > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9907202332510.361-100000>