On 6/20/19 12:56 AM, Bagas Sanjaya wrote:
I would instead make the specific programs the students/teens should be using executable by them without needing sudo. Linux permissions make this very straightforward.What I thought that the correct way is to configure sudoers so that remaja group can access programs that they absolutely required via sudo (e.g. mount for mounting USB sticks).That is almost as bad as having no security restrictions at all. The correct thing to do would be to set permissions on the programs to allow them to be run by group remaja.
OK, which meaning of "program" are you using here? In American (and UK) English, it can mean either "set of instructions that run on a computer" or "television entertainment item." You seem to be using it both ways in this message or confusing the two.In fact, many television stations have most programs written for teens (age 13 and older), so sysadmins there configure sudoers which allows teens to behave like sysadmins themselves (by giving them full administrator privileges) on their production systems. Also, parental monitoring and guidance can reduce likehood of teens breaking such systems. Maybe because teens are largest marketshare for TVs.I don't say this often. I would immediately fire the person responsible for instituting this policy on a "production" system. (It would be a good policy if the system is intended as an educational environment to allow the teens to ruin things, and learn from experience.)
-- Carl Fink carl@finknetwork.com