On 2012-04-28 09:50, Zenny wrote: > On Sat, Apr 28, 2012 at 9:38 AM, Daniel Braniss <da...@cs.huji.ac.il> wrote: ... >> try sudo from ports, security/sudo > Thanks Daniel, but sudo gives all (not selective) root privileges to the > user (admin in my case).
This isn't true. With sudo, you can give specific users, or groups of users, restricted lists of commands they can run, and even specify on which particular machines they can be run. Please take a look at the nicely documented sample sudoers file: http://www.sudo.ws/sudo/sample.sudoers For example, these lines may do more or less what you want: # users in the secretaries netgroup need to help manage the printers # as well as add and remove users +secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser # fred can run commands as oracle or sybase without a password fred ALL = (DB) NOPASSWD: ALL # on the alphas, john may su to anyone but root and flags are not allowed john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root* # jen can run anything on all machines except the ones # in the "SERVERS" Host_Alias jen ALL, !SERVERS = ALL # jill can run any commands in the directory /usr/bin/, except for # those in the SU and SHELLS aliases. jill SERVERS = /usr/bin/, !SU, !SHELLS # steve can run any command in the directory /usr/local/op_commands/ # as user operator. steve CSNETS = (operator) /usr/local/op_commands/ # matt needs to be able to kill things on his workstation when # they get hung. matt valkyrie = KILL _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
