From owner-freebsd-stable@FreeBSD.ORG  Sat Apr 28 09:58:56 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 462011065670
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 09:58:56 +0000 (UTC)
	(envelope-from hausen@punkt.de)
Received: from kagate.punkt.de (kagate.punkt.de [217.29.33.131])
	by mx1.freebsd.org (Postfix) with ESMTP id C30CA8FC16
	for <freebsd-stable@freebsd.org>; Sat, 28 Apr 2012 09:58:55 +0000 (UTC)
Received: from hugo10.ka.punkt.de ([217.29.45.10])
	by gate1.intern.punkt.de with ESMTP id q3S9l7FR057992;
	Sat, 28 Apr 2012 11:47:07 +0200 (CEST)
Received: from [217.29.46.10] ([217.29.46.10])
	by hugo10.ka.punkt.de (8.14.2/8.14.2) with ESMTP id q3S9l7rS053345;
	Sat, 28 Apr 2012 11:47:07 +0200 (CEST)
	(envelope-from hausen@punkt.de)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset=utf-8
From: "Patrick M. Hausen" <hausen@punkt.de>
In-Reply-To: <4F9BBABA.6040708@rdtc.ru>
Date: Sat, 28 Apr 2012 11:47:07 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <0F37A1B9-993B-4A4E-9FCC-8B19AADCFB72@punkt.de>
References: <CACuV5sCyCgn8aBawTEP=BT++4Ut4kPt8fXSq+gcS2YrkZaU+Jw@mail.gmail.com>	<E1SO2ER-000K66-8k@kabab.cs.huji.ac.il>
	<CACuV5sCHmnUnXTTY+kGqszi-Ynu8Vr3bf+LALf=yQbhHPXSdXA@mail.gmail.com>
	<4F9BBABA.6040708@rdtc.ru>
To: Eugene Grosbein <egrosbein@rdtc.ru>
X-Mailer: Apple Mail (2.1257)
Cc: Zenny <garbytrash@gmail.com>,
	"freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org>
Subject: Re: Restricting users from certain privileges
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Apr 2012 09:58:56 -0000

Hi, all,

Am 28.04.2012 um 11:39 schrieb Eugene Grosbein:

> 28.04.2012 14:50, Zenny =D0=BF=D0=B8=D1=88=D0=B5=D1=82:
>=20
>>> try sudo from ports, security/sudo
>>>=20
>>> cheers,
>>>       danny
>>>=20
>>>=20
>> Thanks Daniel, but sudo gives all (not selective) root privileges to =
the
>> user (admin in my case). So this is not what I am trying to achieve =
in my
>> original post.
>=20
> Please do study sudo real power :-)
> It can give selective privileges per-command,
> an d it can also allow one to run some command with some arguments =
only
> and not with others. Or, without any arguments only - as you tune
> its sudoers configuration file.


Just make sure none of the permitted commands has got the
feature of starting a shell ;-))

Kind regards,
Patrick
--=20
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info@punkt.de       http://www.punkt.de
Gf: J=C3=BCrgen Egeling      AG Mannheim 108285