
Re: Single-use root account?



On Fri, 2003-11-07 at 03:22, Roberto Sanchez wrote:
> Alex Malinovich wrote:
> > I've decided that it's about time I look for a solution to a problem
> > that's been bugging me. On certain occasions, I find it necessary to
> > have one of my roommates do something to the network at home when I'm
> > not there. As such, they generally will need root access to do it. While
> > I certainly trust them, I'm very security conscious and wouldn't feel
> > comfortable giving them my root password. So I had the idea of setting
> > up a one-time use root account. You can log in once, but as soon as you
> > do the user gets locked out. (passwd -l in .bashrc)
> > 
> > Unfortunately, since I use the "real" root account very frequently this
> > would be a great hassle. So I'd like to set up a pseudo-root account for
> > this purpose. It's easy enough to do an adduser --gid 0, but that would
> > still leave quite a few things which the user couldn't do. (At least
> > unless I did a chmod -R g+rwx *, which I'd like to avoid.)
> > 
> > So any ideas on how to go about it? Is it possible to have two different
> > users with the same UID? i.e. adduser --uid 0 --gid 0 temproot
> > 
> > If not, any other possibilities?
> 
> What about sudo?  You can set it up to grant very limited permissions
> (i.e., one or two commands only) to a specific user.

I never really know what I'll need them to do, so it's not really
viable. It could be changing network settings one day (so I'd have to
allow access to ifconfig, route, export2fs, etc), user admin another day
(passwd, adduser, etc), and package management after that (dpkg, apt,
etc). That would become very unmanageable very quickly.

-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837
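
An audit check for the `adduser --uid 0` idea quoted above, as an added example that is not part of the original message: it lists every account that shares UID 0 with root and reports whether `passwd -l` has locked its password. The passwd and shadow contents are constructed sample data, `temproot` is the name used in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Audit for accounts that share UID 0 with root, and whether each is password-locked.

# uid0_accounts PASSWD SHADOW
# Prints "name:state" for every UID 0 entry, in passwd order.
#   locked   - shadow hash starts with "!" or "*" (passwd -l prepends "!")
#   unlocked - password login is possible
#   unknown  - no matching shadow entry
uid0_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { hash[$1] = $2; next }    # first file: shadow
        $3 == 0 {
            if (!($1 in hash))           state = "unknown"
            else if (hash[$1] ~ /^[!*]/) state = "locked"
            else                         state = "unlocked"
            print $1 ":" state
        }' "$2" "$1"
}

# extra_uid0 PASSWD SHADOW
# Prints only the UID 0 entries that are not named "root".
extra_uid0() {
    uid0_accounts "$1" "$2" | awk -F: '$1 != "root"'
}

# Constructed sample files (placeholder hashes); "temproot" is the name from the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alex:x:1000:1000:Alex:/home/alex:/bin/bash
temproot:x:0:0:one-time admin:/root:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$constructed$placeholder:12363:0:99999:7:::
alex:$6$constructed$placeholder:12363:0:99999:7:::
temproot:!$6$constructed$placeholder:12363:0:99999:7:::
EOF

echo "Non-root accounts with UID 0:"
extra_uid0 "$tmp/passwd" "$tmp/shadow"
# "locked" only blocks password login; other authentication such as SSH keys still works.
```

On a live system the same functions would be pointed at `/etc/passwd` and `/etc/shadow`, which requires read access to the shadow file.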
