Re: Limiting admin privileges
On Thursday 13 December 2001 08:05 am, Robert Kerr wrote:
> Hi all,
> My group is looking into providing Linux workstations to the engineers,
> but we're worried about future problems regarding admin privileges. We
> would like to give our engineers root on their boxes so they can set them
> up and provide patches and such. But, su-ing to root will also allow them
> to access any other users' files (since we have an automount NFS daemon
> which will mount the other users' home directories when accessed). What
> kind of utilities are available that would allow the users admin-type
> privileges, but disallow their munging others' files?
for what it is worth, the drives that i have mounted on my machine via nfs
cannot be changed via root. root is an unpriviledged user so far as the nfs
mounted files are concerned. my normal user can only change files which the
user has access to. same for root. these files are exported from an hp-ux
machine. in order for root to have priviledged access on my machine, the
exporting machine has to explicitly set the privileges.
for more information on this refer to man exports under "User ID Mapping"
allen wayne best
contractor, diagnostics and support tools
"your friendly neighborhood rambler owner"
"my rambler will go from 0 to 105"
Current date: 9:32:15::350:2001
Ramblers -- Don't you wish everyone had one?