Administration question
I am running a Debian system right now as a web development staging server. At
present, it is only on a local network, but could conceivably become a gateway
to the Internet as well. So for the time being, it is basically a two-user
system (me and my wife).
I am teaching my wife to do web development, and would like her to be able to
use the Linux system. This includes having her be able to shut the system down
when she's done using it (we can't afford to leave this old 486 system running
without a pretty heavy subsidy from the electric co!). My wife is not a real
experienced computer user in general, and she has NO UNIX experience whatsoever.
Needless to say, I'm not really crazy about the idea of giving her root access,
lest some simple mistake hose the system completely.
What would be the best way to enable her to run the shutdown command, without
creating a giant security hole which might bite me in the @*% should this
machine ever become a gateway? My thoughts up to this point:
1) Creating a group consisting of my wife and myself, and doing a setuid and
chmod 710 on the shutdown command itself, and changing group ownership to the
group with me and her in it.
2) Creating a group consisting of my wife and myself, and writing a script
which executes the shutdown command, then setting the ownership for the script
to root, group ownership on the script to our group, and doing a setuid on just
the script.
It seems to me that the second option is the best as I don't have to monkey
around with the permissions on the command. Is the second any more of a
security concern than the first, or, as I assume, less? Say my wife's user
password is ridiculously easy to guess; do these give the same amount of system
access to the person who cracks into her account?
Does anyone know of a better way to do this?
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: