On 06/19/2019 09:56 PM, Bagas Sanjaya wrote:
What I thought that the correct way is to configure sudoers so that remaja group can access programs that they absolutely required via sudo (e.g. mount for mounting USB sticks).That is almost as bad as having no security restrictions at all. The correct thing to do would be to set permissions on the programs to allow them to be run by group remaja.I don't say this often. I would immediately fire the person responsible for instituting this policy on a "production" system. (It would be a good policy if the system is intended as an educational environment to allow the teens to ruin things, and learn from experience.)
In fact, many television stations have most programs written for teens (age 13 and older), so sysadmins there configure sudoers which allows teens to behave like sysadmins themselves (by giving them full administrator privileges) on their production systems. Also, parental monitoring and guidance can reduce likehood of teens breaking such systems. Maybe because teens are largest marketshare for TVs.
Some one mentioned mounting drives, all that and what they need can be configured. There is no reason to give /sudo/root/ to anyone but the admin, unless it's a class on system admin. What are you going to do about it?
-- Jimmy Johnson Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2 Registered Linux User #380263