Date: Tue, 20 Jul 1999 23:37:19 +0600 (ESS) From: Ilia Chipitsine <ilia@cgilh.chel.su> To: Vincent Poy <vince@venus.GAIANET.NET> Cc: "T. William Wells" <bill@twwells.com>, freebsd-questions@FreeBSD.ORG Subject: Re: how to watch the root user? Message-ID: <Pine.BSF.4.05.9907202336390.361-100000@localhost.cgu.chel.su> In-Reply-To: <Pine.BSF.4.05.9907191404520.331-100000@venus.GAIANET.NET>
next in thread | previous in thread | raw e-mail | index | archive | help
oh, i've forgotten. ssh by default also allows login as root :-( make sure you switched it OFF. Regards, (Наилучшие пожелания) Ilia Chipitsine (Илья Шипицин) On Mon, 19 Jul 1999, Vincent Poy wrote: > On Mon, 19 Jul 1999, Ilia Chipitsine wrote: > > > look at the sudo program, it's in the ports collection. > > it has a configuration, which describes which user is allowed > > to do tasks as a root. > > > > but, once you gave somebody all the root's rights, it's not possible to > > watch what he/she did. > > > > do not allow 'sudo' for > > > > 1. cp > > 2. rm > > 3. dd > > 4. passwd > > 5. ? > > > > it's not safe at all. > > I think we need sudo for just finger, adduser, rmuser, passwd. > The thing is that I can write a shell script to do all the functions and > have that as a default shell but how do I call up sudo into the script. > > > Cheers, > Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ > Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] > GaiaNet Corporation - M & C Estate / / / / | / | __] ] > Beverly Hills, California USA 90210 / / / / / |/ / | __] ] > HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____] > > > > On Sun, 18 Jul 1999, Vincent Poy wrote: > > > > > Speaking about root or limited root, does anyone happen to know > > > how to give like a account with limited root priviliges such as add/delete > > > users and changing a users password via a shell that calls up a shell > > > script but without full access as root. > > > > > > > > > Cheers, > > > Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ > > > Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] > > > GaiaNet Corporation - M & C Estate / / / / | / | __] ] > > > Beverly Hills, California USA 90210 / / / / / |/ / | __] ] > > > HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____] > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9907202336390.361-100000>