Hi, absolutly,
sudo is highly recommended, & powerfull. you can give many commands to each users, different permitions for each, etc.. Defaults:ALL timestamp_timeout=0 permit permission to be back to user state after each sudo <command> action so a user must redo another sudo <command> if he need a second root permission level command. this is a simple security improvement. here is a very simple example : Defaults env_reset,tty_tickets # Host alias specification Host_Alias HOST = jaunty Host_Alias LAN = 192.168.1.0/255.255.255.0 Host_Alias HOME = HOST,LAN # User alias specification # Cmnd alias specification Cmnd_Alias CRYPT = /usr/bin/truecrypt Cmnd_Alias USBDEV = /usr/bin/unetbootin,/usr/bin/gnome-format Cmnd_Alias APT = /usr/bin/apt-get update,/usr/bin/apt-get upgrade Cmnd_Alias UPDATES = /usr/bin/update-manager Cmnd_Alias FUSE = /usr/bin/Gmount-iso Cmnd_Alias MYPROGS = CRYPT,USBDEV,APT,UPDATES,FUSE # User privilege specification root ALL=(ALL) ALL # Members of the admin group may gain root privileges %admin HOME=(root) ALL %admin HOME=(root) NOEXEC:/usr/bin/vim iain HOME=(root) NOPASSWD:MYPROGS You can see here this is secured by host restricted permissions, lan restrictions, & strict list of programs to be allowed to be launched. > ---------------------------------------- > From: Jordi <jespa...@minibofh.org> > Sent: Wed May 04 08:33:33 CEST 2011 > To: <misc@openbsd.org> > Subject: Re: Need Suggestion: To limit the access of root account > > > man sudo for granular permissions. > > Then man sh or man ksh or whatever shell you want to use to create a > really simple script to show the required options. > Cordialement Francois Pussault 3701 - 8 rue Marcel Pagnol 31100 ToulouseB FranceB +33 6 17 230 820 B +33 5 34 365 269 fpussa...@contactoffice.fr
