Date: Sat, 12 Jun 2004 14:29:52 +0100 From: John <lists@itconsultuk.net> To: freebsd-questions@freebsd.org Subject: Re: want sudo but not sudo su - how Message-ID: <20040612132952.GC87930@itconsultuk.net> In-Reply-To: <20040612115959.GW76275@caffreys.strugglers.net> References: <20040612101402.GC72289@itconsultuk.net> <20040612115959.GW76275@caffreys.strugglers.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jun 12, 2004 at 11:59:59AM +0000, Andy Smith wrote: > It might be best to just say "I don't want you doing this" and then > punish people who do, since you do have logs. yeah, thought this might be the case :| thanks for confirming it. > If you're trying to restrict what people can do with sudo it will be > better to explicitly list each binary they can run as root and make > sure there's no way they can modify those binaries. yeah, but too many binaries (or roles too diffuse, tightening up of which would be another way of handling it) cheers -- John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040612132952.GC87930>