Date: Mon, 17 May 1999 19:28:55 +0300 (EEST) From: Jukka Simila <sjuke@saunalahti.fi> To: Adam Szilveszter <sziszi@petra.hos.u-szeged.hu> Cc: freebsd-newbies@FreeBSD.ORG, "G. Adam Stanislav" <adam@whizkidtech.net> Subject: Re: Newbie tip Message-ID: <XFMail.990517192855.sjuke@saunalahti.fi> In-Reply-To: <Pine.LNX.3.96.990517075245.22528A-100000@petra.hos.u-szeged.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 17-May-99 Adam Szilveszter wrote:
[snip]
>>
>> Using "su" for logging as root is a good way to do things, but I think
>> there's
>> a better way: program from ports called 'sudo'
>> It allows normal users to run programs as root with their own password,
>> like:
>> 'sudo reboot' would prompt for user's password and boot the machine.
> hmmmmm.... then what's the point? I would be very careful about
> configuring for sudo because it's inherently dangerous to give users this
> much control... I'm not being paranoid but I have even disabled
> Ctrl-Alt-Del because I do not want people to be able to restart my machine
> when I am not there. After all, it is not Windows that you have to
> restart after doing any config work (or moving the mouse, sometimes:-)))
You don't even have to move the mouse, take two identical mouses and boot with
another mouse installed, then switch it to the another, you have to reboot
before win95 detects the new mouse.
But:
If you have a computer that can't be power-on for 24h / day, say, a computer
used mainly for text-editing (that old 486 :), wouldn't it be nicer to give
users a possibility to shut it down with their own password, rather than
delivering root's password to everyone, or recommending microsoft-style
shutdown "just switch the power off, it's all right then" :)
Of course, better example than "sudo reboot" would have been "sudo halt" which
would do the obvious.
>
> but must add that if I had many users here (only have myself this far on
> this
> machine) then I would take care to give them the latest user software in
> things like Netscape and be responsive to what they ask me to do. That's a
> prerequisite in maintaining tight system security and manageability. You
> cannot do it yourself, user, but ask me and I will be in a minute.
"You cannot shut down the computer yourself, but just ask me and I will be
there in a minute. Oh, I forgot, I won't be home until tomorrow.. Would you
like to become a sysadmin?" :)
-------------------------------------------------------------------------
Jukka Simila
EMail: ................juksi@iname.com
IRC-nick: .............sjuke
-------------------------------------------------------------------------
After an instrument has been assembled, extra components will be found
on the bench.
-------------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990517192855.sjuke>