From owner-freebsd-questions@FreeBSD.ORG Tue Jul 24 20:03:13 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 228BE16A420 for ; Tue, 24 Jul 2007 20:03:13 +0000 (UTC) (envelope-from mailing-lists@msdi.ca) Received: from spamfirewall.msdsky.com (spamfirewall.msdsky.com [64.18.66.8]) by mx1.freebsd.org (Postfix) with ESMTP id EB4C713C4B5 for ; Tue, 24 Jul 2007 20:03:12 +0000 (UTC) (envelope-from mailing-lists@msdi.ca) X-ASG-Debug-ID: 1185307391-76e100440000-jLrpzn X-Barracuda-URL: http://spamfirewall.msdsky.com:80/cgi-bin/mark.cgi X-Barracuda-Connect: unknown[64.18.67.9] X-Barracuda-Start-Time: 1185307391 Received: from mail02.msdihosting.net (unknown [64.18.67.9]) by spamfirewall.msdsky.com (Spam Firewall) with ESMTP id E0DB012C49 for ; Tue, 24 Jul 2007 16:03:11 -0400 (EDT) Received: from dell390 ([70.81.60.158]) by mail02.msdihosting.net ((iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))) with ASMTP id QRI44553 for ; Tue, 24 Jul 2007 16:03:23 -0400 From: "Ian Lord" To: References: <050b01c7ce16$960a0570$6400a8c0@msdi.local> <46A63689.80906@voidmain.net> <444pjt3ard.fsf@be-well.ilk.org> <46A652D7.4030001@voidmain.net> <5e49673f0707241241w4c751dbbi4a28590e5b164fc2@mail.gmail.com> X-ASG-Orig-Subj: RE: Root access loggin Date: Tue, 24 Jul 2007 16:01:33 -0400 Message-ID: <054701c7ce2d$6f42d6d0$6400a8c0@msdi.local> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <5e49673f0707241241w4c751dbbi4a28590e5b164fc2@mail.gmail.com> Thread-Index: AcfOKrogbxPGe6MPRjWnT+pJu0KSQgAAjPuw X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at msdsky.com Subject: RE: Root access loggin X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jul 2007 20:03:13 -0000 -----Original Message----- From: John Fitzgerald [mailto:jjfitzgerald@gmail.com] Sent: 24 juillet 2007 15:42 To: Tom Grove Cc: freebsd-questions@freebsd.org; Ian Lord Subject: Re: Root access loggin I may be misunderstanding this, but wouldn't allowing only certain commands with sudo assume that the user actually knows what commands are needed by the user? In this situation it seems like the whole reason to grant access to the server was because the user _doesn't_ know what needs to be done. ~~ Exactly, I don't know what needs to be done, and they don't neither. That's why they need to browse around trying to figure out why their installer doesn't work. Sudo wouldn't be any help here cause I would need to pre approve commands and I don't know which one will be needed. Basically, I don't there there is a better solution then giving away the root password, but at least, I would like a log of what has been done. Naturally, I understand any log could be overwritten/modified since the person is root, but since I don't think Zend would make fun in hacking my server, the point in having the log is to undo anything I wouldn't approve ..