From: Alex Zbyslaw
Date: Mon, 29 May 2006 13:32:11 +0100
To: Aitor San Juan
Cc: freebsd-questions@freebsd.org
Subject: Re: Restrict access to custom shell scripts
Message-ID: <447AE9CB.1070606@dial.pipex.com>
In-Reply-To: <6FA4E8E8A0FAD64F9AF5A1F0FDB8C6EE1211@BB06.bolsabilbao.local>

Aitor San Juan wrote:

>Hi list!
>
>I have developed several Bourne shell scripts that help some users
>to accomplish general tasks by choosing an option from a list of options.
>Such options include, for example, displaying the size of filesystems,
>(un)mounting filesystems, user account management (add/remove/lock users, etc).
>As you can imagine, many of these options will require the user to have
>superuser authorisations.
>
>It would be desirable that only a few users have the permission to execute
>these shell scripts. Following are my 2 approaches. I don't know which is
>the best. In addition, I need some further help with details of how to
>accomplish it, so any hint or suggestion would be highly appreciated.
>

sudo. It's in the ports.

You could fix your shell script permissions to be r-x root-only, but any operations requiring root access will just not work if a regular user runs it, so value is limited.

--Alex
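
The sudo approach suggested in the reply, sketched as an added example that is not part of the original thread: before a script is listed in sudoers it is checked for root ownership and for write access by anyone else, then a rule is generated for one group. The function names, the group `opsmenu` and any script paths passed in are hypothetical.

```shell
#!/bin/sh
# Vet admin scripts before granting them through sudo (added example).

# True only if $1 is owned by user $2 and is not group- or world-writable.
# find(1) primaries are used instead of stat(1), whose flags differ by OS.
owned_and_locked() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# audit_script PATH [OWNER]: a script run as root via sudo must not be
# editable or replaceable by the users who invoke it, so both the file and
# its containing directory are checked. OWNER defaults to root.
audit_script() {
    script=$1 owner=${2:-root}
    case $script in
        *[!A-Za-z0-9/._-]*|[!/]*)
            echo "reject $script: need a plain absolute path" >&2; return 1 ;;
    esac
    [ -f "$script" ] && [ ! -L "$script" ] || {
        echo "reject $script: not a regular file" >&2; return 1; }
    owned_and_locked "$script" "$owner" || {
        echo "reject $script: wrong owner or group/world-writable" >&2; return 1; }
    owned_and_locked "$(dirname "$script")" "$owner" || {
        echo "reject $script: directory is writable by others" >&2; return 1; }
}

# sudoers_rule GROUP OWNER SCRIPT...: print one sudoers line letting members
# of GROUP run exactly the vetted scripts as root. The trailing "" after each
# path tells sudo to refuse any command-line arguments.
sudoers_rule() {
    group=$1 owner=$2; shift 2
    cmnds=
    for s in "$@"; do
        audit_script "$s" "$owner" || return 1
        cmnds="${cmnds:+$cmnds, }$s \"\""
    done
    printf '%%%s ALL = (root) %s\n' "$group" "$cmnds"
}
```

Write the generated line to a file and check it with `visudo -c -f` before installing it. Only the immediate parent directory is audited here; directories further up the path need the same ownership and mode.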