[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to give administrative previledges



On Wed, 2005-04-06 at 14:59, Chethiya K Ranaweera wrote:
> On Apr 6, 2005 1:32 AM, Michael Green <mishagreen gmail com> wrote:
> > On Apr 6, 2005 6:22 AM, Justin Zygmont <jzygmont solarflow net> wrote:
> > > sudo can't actually do everything, for instance how could you do an:
> > > echo "aaaaa" >>file to a file which is only writable by root?
> > 
> > Do
> > sudo -s
> > and then you can do anything you want.

> 
> 
> Giving root password to a user is not wise. My question is why can't
> we give change GID to 0 or some thingelse and grant any aceess to
> somebody else, let's say, a part-time administrator?? So that he can
> update the system, look in /lost+found ...etc.

Granting even partial privileges problematic.  You must trust the user
you are giving that ability to.  Allowing someone to update the system
and access pretty much anything on the system via any means is the same
as giving them root password.  

If you are trying to provide limited admin access the proper way is what
has been suggested, use sudo to provide the limited access.

If you want to allow someone to do pretty much anything then they should
be allowed to use su - to get root access.  If you don't trust them with
that then I would not trust them to update the system.

Not giving out root access but allowing them to do anything on the
system that requires root access does not make much sense.

-- 
Scot L. Harris
webid cfl rr com

Do not take life too seriously; you will never get out of it alive. 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]