From owner-freebsd-stable@FreeBSD.ORG  Sat Apr 28 07:22:48 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9A146106566C
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 07:22:48 +0000 (UTC)
	(envelope-from garbytrash@gmail.com)
Received: from mail-ob0-f182.google.com (mail-ob0-f182.google.com
	[209.85.214.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 614D38FC0C
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 07:22:48 +0000 (UTC)
Received: by obcni5 with SMTP id ni5so2568101obc.13
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 00:22:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=OFKBweZkOThhnPWYwpRQrVsu5scY/sw+bOA62Q7RwYg=;
	b=T/TAkcfSFMlyII0T9o8sEvBOJaWs4gHe/k6CbAdH5FCVnL5Br3lAoghqM+ezUYUR5/
	llnyvngAFfHM9gImHmHj0naDCPZ3Bv+0IItItQRuv3pEkHpTfO8/tcUyHZfrD2seAwhI
	Moxbd3taBcAWV6x9YfVohF3BFSrQTff3WBrQnM29BUHzlNBcWamMP8e1uQUHKmloRAQy
	2LE8dVFmp+/Uv12QaWeM10vWmCYoR27GwHvobfe3A6KypUvV+UjTIfqIH3Xrr2T9BezO
	faE0ZFu4DLCFMxass9FT4FKLCkuvylyxT+uPBwPgX/rGYLZcza94xWYFqtCFEzz8hxL3
	nO5w==
MIME-Version: 1.0
Received: by 10.60.4.134 with SMTP id k6mr18058610oek.19.1335597767800; Sat,
	28 Apr 2012 00:22:47 -0700 (PDT)
Received: by 10.60.17.34 with HTTP; Sat, 28 Apr 2012 00:22:47 -0700 (PDT)
Date: Sat, 28 Apr 2012 09:22:47 +0200
Message-ID: <CACuV5sCyCgn8aBawTEP=BT++4Ut4kPt8fXSq+gcS2YrkZaU+Jw@mail.gmail.com>
From: Zenny <garbytrash@gmail.com>
To: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Restricting users from certain privileges
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Apr 2012 07:22:48 -0000

Hi:

I could not figure out how to restrict users or other users from certain
privileges to execute certain commands in FreeBSD/NanoBSD?

What I meant is I want to create a NanoBSD image in which there will be an
additional user, say 'admin'. I need to give this new user (admin) some
privileges to run some root-can-only-execute commands, but not all (ACL
similar to the firmwares in adsl modems from ISPs).

I read Dru Lavingne's 'BSD Hacks' and Joseph Kong's 'Designing BSD
Rootkits' besides FreeBSD handbook, but I simply could not figure out.
Could anyone throw some light on this? Appreciate it!

Thanks!

/zenny

---

Support http://thehumanape.org