On 6/20/19 12:56 AM, Bagas Sanjaya wrote:
That is almost as bad as having no security restrictions at all. The
correct thing to do would be to set permissions on the programs to
allow them to be run by group remaja.
What I thought that the correct way is to configure sudoers so that
remaja group can access programs that they absolutely required via
sudo (e.g. mount for mounting USB sticks).
I would instead make the specific programs the students/teens should be
using executable by them without needing sudo. Linux permissions make
this very straightforward.
I don't say this often. I would immediately fire the person
responsible for instituting this policy on a "production" system. (It
would be a good policy if the system is intended as an educational
environment to allow the teens to ruin things, and learn from
experience.)
In fact, many television stations have most programs written for teens
(age 13 and older), so sysadmins there configure sudoers which allows
teens to behave like sysadmins themselves (by giving them full
administrator privileges) on their production systems. Also, parental
monitoring and guidance can reduce likehood of teens breaking such
systems. Maybe because teens are largest marketshare for TVs.
OK, which meaning of "program" are you using here? In American (and UK)
English, it can mean either "set of instructions that run on a computer"
or "television entertainment item." You seem to be using it both ways in
this message or confusing the two.
--
Carl Fink
c...@finknetwork.com
