Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Jul 2007 16:01:33 -0400
From:      "Ian Lord" <mailing-lists@msdi.ca>
To:        <freebsd-questions@freebsd.org>
Subject:   RE: Root access loggin
Message-ID:  <054701c7ce2d$6f42d6d0$6400a8c0@msdi.local>
In-Reply-To: <5e49673f0707241241w4c751dbbi4a28590e5b164fc2@mail.gmail.com>
References:  <050b01c7ce16$960a0570$6400a8c0@msdi.local> <46A63689.80906@voidmain.net> <444pjt3ard.fsf@be-well.ilk.org> <46A652D7.4030001@voidmain.net> <5e49673f0707241241w4c751dbbi4a28590e5b164fc2@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


-----Original Message-----
From: John Fitzgerald [mailto:jjfitzgerald@gmail.com] 
Sent: 24 juillet 2007 15:42
To: Tom Grove
Cc: freebsd-questions@freebsd.org; Ian Lord
Subject: Re: Root access loggin

I may be misunderstanding this, but wouldn't allowing only certain
commands with sudo assume that the user actually knows what commands
are needed by the user? In this situation it seems like the whole
reason to grant access to the server was because the user _doesn't_
know what needs to be done.
~~

Exactly, I don't know what needs to be done, and they don't neither. That's
why they need to browse around trying to figure out why their installer
doesn't work.

Sudo wouldn't be any help here cause I would need to pre approve commands
and I don't know which one will be needed.

Basically, I don't there there is a better solution then giving away the
root password, but at least, I would like a log of what has been done.

Naturally, I understand any log could be overwritten/modified since the
person is root, but since I don't think Zend would make fun in hacking my
server, the point in having the log is to undo anything I wouldn't approve
..





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?054701c7ce2d$6f42d6d0$6400a8c0>