On Wed, Aug 23, 2000 at 07:18:00PM -0500, Brent Harding wrote:
> >
> >> deleting would be something tricky, wouldn't want him deleting what I
> >> create.
> >
> >What are you deleting here? I'm confused.
> If he got access to userdel, he could delete users he shouldn't delete,
> just like, if he wants mail on his domain, he could add and delete his own
> stuff only. I suppose after adding the user, it could add the username to a
> file, that if the user he wants to delete isn't in the file, he couldn't
> delete it. I would dump the telnet altogether, if he were using linux with
> ssh, but the trusty old win-98 telnet client isn't compatible with ssh, (I
> never use that program anyway, ssh isn't really that hard to use).
Again, a better fix would be to create a wrapper with rules as to what
users he did and/or did not have rights to delete, and invoke this
wrapper through sudo. Note also that deleting user accounts is
generally not advisable. I've posted on this subject in the past few
days here. Instead, mark the account locked with the passwd command:
$ passwd -l <userid>
If you had all of the users he is administering within a specified
group, and no other users belonged to that group, you could test for
membership in the group before locking the account.
--
Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself
Evangelist, Opensales, Inc. http://www.opensales.org
What part of "Gestalt" don't you understand? Debian GNU/Linux rocks!
http://gestalt-system.sourceforge.net/ K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
Attachment:
pgpqP1zOQd2Bz.pgp
Description: PGP signature