Chris wrote:
On 9/16/07, Aaron W. Hsu <[EMAIL PROTECTED]> wrote:
What exactly are you trying to enable users to do? The fact that you need to
provide normal users with these kind of privileges indicates a possible flaw
in your overall scheme. You may find that, after careful reconsideration,
there are precious few commands that you would actually have to allow the
users to run with superuser privileges.
So what's the "ideal" way to do things?
Please define "things".
Adding joeuser in the wheel
group and then add - joeuser ALL=(ALL) ALL in sudoers? And when the
joeuser account gets cracked, the cracker would be able to run
privileged commands? That defies the whole purpose. The other
possibility is to login as root (when are where needed, that is) and
do what is required. But afterboot(8) doesn't recommend that as an
option.
/Alexander
