Date: Mon, 19 Jul 1999 14:49:15 +0300 From: Anand Buddhdev <arb@africaonline.co.ke> To: Vincent Poy <vince@venus.GAIANET.NET> Cc: "T. William Wells" <bill@twwells.com>, freebsd-questions@FreeBSD.ORG Subject: Re: how to watch the root user? Message-ID: <19990719144915.C7188@africaonline.co.ke> In-Reply-To: <Pine.BSF.4.05.9907190145430.331-100000@venus.GAIANET.NET>; from Vincent Poy on Mon, Jul 19, 1999 at 01:47:35AM -0700 References: <7muo54$reg$1@twwells.com> <Pine.BSF.4.05.9907190145430.331-100000@venus.GAIANET.NET>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 19, 1999 at 01:47:35AM -0700, Vincent Poy wrote: I manage our ISP's Solaris boxes, and I love sudo. I've written a little perl menu that allows customer service staff to change passwords, add/remove forwarding etc. They run this with sudo, and I'm happy. They get root access, but only to do certain things. > Yes, the problem is that one of our new customers is doing a > virtual ISP at our location and from the old ISP which runs BSDI. It > seems like they have a telnet account that will only go into a menu, all > they can do is do adduser, rmuser and passwd on a certain user. I can do > the shell script for the menus and stuff but I'm just trying to figure out > how to give their sales associates access to do only those commands with > root privileges and not others. This can be easily done in 2 ways: 1. Write a suid perl script to give them those functions and make this script the customer's login shell. 2. Write the script non-setuid, but run it from sudo. To make it look automated, stick the sudo invocation in the customer's .profile or .login -- See complete headers for more info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990719144915.C7188>