[OT] Debian mailinglists
Marcin Kasperski
Marcin.Kasperski at softax.com.pl
Tue May 20 17:50:12 UTC 2008
> Indeed - but you'd have to convince me that there was actually a more
> efficient way to do it. I cited visudo which actually prevents you from
> saving the sudoers file if it's not valid, but I consider that a
> half-solution. Especially for something as simple as sudoers - you only
> need to know: who can have privilege, from what hosts, and what commands
> they can use. That just cries out for a Q&A system.
ROTFL. Please, design the Q&A system for sudo. Remember about setting
user groups, and program groups (so for example I can create DBADMIN
group, put john, kenny and bela to it, and grant them the right
to run oracle sqlplus from oracle account and postresql psql from
postgres account, plus commands to restart those instances).
Ah, and kenny should not be bothered with password prompt.
And everybody logged locally should be able to shutdown.
And so on.
sudoers is whole mini-language and you suddenly want to write
it via Q&A...
--
----------------------------------------------------------------------
| Marcin Kasperski | Systems built by humans are always subject
| http://mekk.waw.pl | to human error. (Parnas)
| |
----------------------------------------------------------------------
More information about the ubuntu-users
mailing list