Re: Limiting User Commands

To: debian-isp@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Limiting User Commands
From: Matej Kovac <matej@pobox.sk>
Date: Sat, 6 Nov 2004 18:02:16 +0100
Message-id: <[🔎] 20041106180216.D4674@ns.telnet.sk>
In-reply-to: <[🔎] 3082.82.199.192.18.1099677213.squirrel@82.199.192.18>; from ea@sellinet.net on Fri, Nov 05, 2004 at 07:53:33PM +0200
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 3082.82.199.192.18.1099677213.squirrel@82.199.192.18>

On Fri, Nov 05, 2004 at 07:53:33PM +0200, ea@sellinet.net wrote:
> 
> Yes, you can make something like that: addgroup(access), then change
> groupname of commands that you want with that group (access), remember to
> remove "execute/search by others" from commands that are with
> group(access), also don't forget to add group(access) to every user that
> you want to have access to this commands.
> 
> 
often overseen feature of standard unix tools is group password.
of course it is not RSBAC or similar hammer, but try to play with
"passwd -g" and "sg" (friend of "su" in gid instead of uid world).

try to set group exec permisions and put users (who do not need
group password) into groups, and those who do can type "sg" and
"login to group". and use passwords only first time, not every
time as with sudo.

-- 
matej kovac
matej@pobox.sk

Reply to:

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: ea@sellinet.net

Prev by Date: Re: Limiting User Commands
Next by Date: Re: Limiting User Commands
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread