[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Limiting User Commands

On Sat, Nov 06, 2004 at 11:21:43AM -0800, Stephen Le wrote:
> On Sat, 6 Nov 2004 12:43:27 -0500, Kevin Mark
> <kmark+debian-user@pipeline.com> wrote:
> > I think it is worth the extra 'sudo'. People should learn the difference
> > between regular commands and special commands. you can have sudo ask for
> > a password or not. Ubuntu uses a sudo-like thing. Users should be asked
> > to do an extra step for commands that are not 'normal' for a reason. the
> > idea like 'think twice, type one' is good for such commands.
> I'm well aware that sudo can be configured to not ask for passwords,
> but as I stated in a reply to another person suggesting that I use
> sudo, I'm not trying to grant access to any special commands. Rather,
> I'm trying to limit the commands users can run to a certain subset.
> For example, I might not want regular users to be able to run ftp or
> telnet.
> If I were to use sudo, I would have to remove execute access from all
> commands and grant them on a command by command basis, requiring each
> users to prefix _every_ command with 'sudo'.
> -Stephen Le
Hi Stephen,
if U is all the commands a regular user can execute and X is the set of
commands you want them to have access to:
is  _ near 90% or near 10%? if its near 90% I have an idea. if its

closer to 10%, then maybe a chroot is better?
counter.li.org #238656 -- goto counter.li.org and be counted!

 / |    ||
*  /\---/\
   ~~   ~~
...."Have you mooed today?"...

Attachment: signature.asc
Description: Digital signature

Reply to: