From owner-freebsd-stable@FreeBSD.ORG Sat Apr 28 07:38:23 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 426B2106564A for ; Sat, 28 Apr 2012 07:38:23 +0000 (UTC) (envelope-from danny@cs.huji.ac.il) Received: from kabab.cs.huji.ac.il (kabab.cs.huji.ac.il [132.65.16.84]) by mx1.freebsd.org (Postfix) with ESMTP id E7D478FC16 for ; Sat, 28 Apr 2012 07:38:22 +0000 (UTC) Received: from pampa.cs.huji.ac.il ([132.65.80.32]) by kabab.cs.huji.ac.il with esmtp id 1SO2ER-000K66-8k; Sat, 28 Apr 2012 10:38:15 +0300 X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.3 To: Zenny In-reply-to: References: Comments: In-reply-to Zenny message dated "Sat, 28 Apr 2012 09:22:47 +0200." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 28 Apr 2012 10:38:15 +0300 From: Daniel Braniss Message-ID: Cc: "freebsd-stable@freebsd.org" Subject: Re: Restricting users from certain privileges X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Apr 2012 07:38:23 -0000 > Hi: > > I could not figure out how to restrict users or other users from certain > privileges to execute certain commands in FreeBSD/NanoBSD? > > What I meant is I want to create a NanoBSD image in which there will be an > additional user, say 'admin'. I need to give this new user (admin) some > privileges to run some root-can-only-execute commands, but not all (ACL > similar to the firmwares in adsl modems from ISPs). > > I read Dru Lavingne's 'BSD Hacks' and Joseph Kong's 'Designing BSD > Rootkits' besides FreeBSD handbook, but I simply could not figure out. > Could anyone throw some light on this? Appreciate it! > > Thanks! > > /zenny try sudo from ports, security/sudo cheers, danny