Matthew Szudzik wrote:
The fact that you need to provide normal users with these kind of
privileges indicates a possible flaw in your overall scheme. You may
find that, after careful reconsideration, there are precious few
commands that you would actually have to allow the users to run with
superuser privileges.
Personally, I wish that the operator group would give a user full access
to these ordinary hardware resources. But currently, the operator group
is only given read access (but not write access) to a few devices, and
access to the shutdown command (which produces a very annoying beep
that is unsuitable for use in a boardroom or lecture hall).
Does anyone currently use the operator group for anything, or is it just a
historical vestige? Would there be anything wrong with giving the
operator enough hardware access to run the commands above?
I use the operator for dumps, which is a readonly operation.
# su operator -c "dump ${DmpLvl}au -f - $dskpart" | ssh backupbox dd
of=<dumpfile>
