Kent West wrote:
2) sudo commands are logged
3) sudo can be restricted to give only the appropriate privs to the user; userA can be allowed to add/delete users, but not software; userB can be allowed to add/delete software but not users; userC can be allowed to do anything root can do; userD can be allowed to shutdown/reboot the box and do backups and edit /etc/fstab and nothing else; userE can be alowed to use a graphical CD burning app that's not suid; etc.
A user who can create users can do anything. A user who can install software can do anything. A user who can do restores can do anything. A user who can do backups can make off with a copy of your secrets:-)
--
Cheers John
-- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
