[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

sudo not suitable for multi-machine systems



On Thu, 21 Nov 1996, Ian Jackson wrote:

ian >These programs should be ordinary binaries, and if a sysadmin wants to
ian >have a local policy that says users X and Y may do Z then sudo is the
ian >right tool for the job, or they can write a wrapper and put it in
ian >/usr/local.  The setuid bit is _not_ appropriate here.

I dont have one machine. I have a whole set here and the problem to
administer them. I cannot worry about configuring each machine separately
to simply have our system administrators perform network diagnostics. Each
machine has different issues cannot use the same configfile on each
machine.

The best would be if the stuff can be installed and then all in a certain
group (accessible via NIS) have access to those priviledged commands. With
the amount of new installation and upgrades going on here I cannot see
another solution.

And: Having group access restricted executables is the very thing the
security scheme in UNIX was designed for.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com


Reply to: