Hello Alex Malinovich (<[EMAIL PROTECTED]>) wrote:
> On Fri, 2003-11-07 at 03:22, Roberto Sanchez wrote: >> Alex Malinovich wrote: >> >>> I've decided that it's about time I look for a solution to a >>> problem that's been bugging me. On certain occasions, I find it >>> necessary to have one of my roommates do something to the network >>> at home when I'm not there. As such, they generally will need root >>> access to do it. While I certainly trust them, I'm very security >>> conscious and wouldn't feel comfortable giving them my root >>> password. So I had the idea of setting up a one-time use root >>> account. You can log in once, but as soon as you do the user gets >>> locked out. (passwd -l in .bashrc) >>> >>> Unfortunately, since I use the "real" root account very frequently >>> this would be a great hassle. So I'd like to set up a pseudo-root >>> account for this purpose. It's easy enough to do an adduser --gid >>> 0, but that would still leave quite a few things which the user >>> couldn't do. (At least unless I did a chmod -R g+rwx *, which I'd >>> like to avoid.) >> >> What about sudo? You can set it up to grant very limited permissions >> (i.e., one or two commands only) to a specific user. > > I never really know what I'll need them to do, so it's not really > viable. It could be changing network settings one day (so I'd have to > allow access to ifconfig, route, export2fs, etc), user admin another > day (passwd, adduser, etc), and package management after that (dpkg, > apt, etc). That would become very unmanageable very quickly. You can allow normal users to start a bash (or any other shell) via sudo. That way they won't need to have a special user or group ID and can authenticate themselves with their own passwords. best regards Andreas Janssen -- Andreas Janssen [EMAIL PROTECTED] PGP-Key-ID: 0xDC801674 Registered Linux User #267976 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]