Re: Limiting admin privileges
On 13-Dec-2001 Robert Kerr wrote:
> Hi all,
> My group is looking into providing Linux workstations to the engineers,
> but we're worried about future problems regarding admin privileges. We
> would like to give our engineers root on their boxes so they can set them
> up and provide patches and such. But, su-ing to root will also allow them
> to access any other users' files (since we have an automount NFS daemon
> which will mount the other users' home directories when accessed). What
> kind of utilities are available that would allow the users admin-type
> privileges, but disallow their munging others' files?
Some problems are best solved with social and not engineering solutions. If
your employees are really futzing with other people's work they shuold know
that such behaviour is frowned on and can lead to dismissal.
That said, nfs can be configured to not accept the local root as the server
root. You could also limit their root access to the program 'sudo' which
offers a rich set of abilities.