On Mon, 16 Apr 2007, Tony Heal wrote:
I am working on a project to allow a normal system user access to a very limited subset of programs and scripts. The idea is to allow the user to perform certain maintenance and troubleshooting without actually being able to change anything, such as config file, logs etc. I am convinced that sudo is the way to go, but I need more info (ammo) to convince my boss that simply changing the permissions of the subset of files is a bad idea. Any help would be greatly appreciated. Tony
One of the great things I like about sudo, is that it gives you a nice audit trail through syslog. Then if and when something goes wrong, you can at least find out who might be responsible for it. It's come in handy quite often. It's also great in the respect that you can give users access to certain commands, but only allow them to use it in certian ways, which helps avoid situations like a user doing a rm -rf / or chmod -R 777 / .
Jeff -+- 8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.