Date: Tue, 20 Jul 1999 19:44:59 -0700 (PDT) From: Vincent Poy <vince@venus.GAIANET.NET> To: Ilia Chipitsine <ilia@cgilh.chel.su> Cc: "T. William Wells" <bill@twwells.com>, freebsd-questions@FreeBSD.ORG Subject: Re: how to watch the root user? Message-ID: <Pine.BSF.4.05.9907201943430.331-100000@venus.GAIANET.NET> In-Reply-To: <Pine.BSF.4.05.9907202332510.361-100000@localhost.cgu.chel.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 20 Jul 1999, Ilia Chipitsine wrote: > On Mon, 19 Jul 1999, Vincent Poy wrote: > > > On Mon, 19 Jul 1999, Ilia Chipitsine wrote: > > > > > look at the sudo program, it's in the ports collection. > > > it has a configuration, which describes which user is allowed > > > to do tasks as a root. > > > > > > but, once you gave somebody all the root's rights, it's not possible to > > > watch what he/she did. > > > > > > do not allow 'sudo' for > > > > > > 1. cp > > > 2. rm > > > 3. dd > > > 4. passwd > > > 5. ? > > > > > > it's not safe at all. > > > > I think we need sudo for just finger, adduser, rmuser, passwd. > > oh, boy .... > passwd ?! they will change root password :-( > at least make sure you have NO secure tty in /etc/ttys. > xdm by default is secure, which means that if you have it ON, > anybody will login as root from remote machines > ($ X -query <machine-of-those-idiots> ) Well, even if they change the root password, it's not a biggie since it's their box anyways, not ours... We just maintain it.. So ssh to root is fine in that regard.... The sales account will just be for people there to login remotely by ssh to do account maintenence. > > The thing is that I can write a shell script to do all the functions and > > have that as a default shell but how do I call up sudo into the script. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9907201943430.331-100000>