[OT] Debian mailinglists

Derek Broughton news at pointerstop.ca
Tue May 20 18:48:15 UTC 2008


Marcin Kasperski wrote:

>> Indeed - but you'd have to convince me that there was actually a more
>> efficient way to do it.  I cited visudo which actually prevents you from
>> saving the sudoers file if it's not valid, but I consider that a
>> half-solution.  Especially for something as simple as sudoers - you only
>> need to know: who can have privilege, from what hosts, and what commands
>> they can use.  That just cries out for a Q&A system.
> 
> ROTFL. Please, design the Q&A system for sudo. Remember about setting
> user groups, and program groups (so for example I can create DBADMIN
> group, put john, kenny and bela to it, and grant them the right
> to run oracle sqlplus from oracle account and postgresql psql from
> postgres account, plus commands to restart those instances).

That's just who, what and where.

> Ah, and kenny should not be bothered with password prompt.

OK, I forgot that one.
> 
> And everybody logged locally should be able to shutdown.

That's not a different case from the ones I originally presented.
> 
> And so on.
> 
> sudoers is a whole mini-language and you suddenly want to write
> it via Q&A...
> 
It already _has_ a parser, it's not rocket science.
-- 
derek
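
The DBADMIN scenario from the quoted message, written out as a sudoers fragment. This is an added example, not part of the original thread; the binary paths and init-script names are assumptions and will differ per installation.

```sudoers
# Added example; every path below is an assumption.

# Who: the group of database administrators.
User_Alias  DBADMIN    = john, kenny, bela

# What: the client programs and the restart commands.
Cmnd_Alias  ORACLE_CLI = /usr/bin/sqlplus
Cmnd_Alias  PG_CLI     = /usr/bin/psql
Cmnd_Alias  DB_RESTART = /etc/init.d/oracle restart, \
                         /etc/init.d/postgresql restart

# As whom: sqlplus as oracle, psql as postgres, restarts as root.
# Listing exact commands with arguments keeps the restart grant from
# covering other init-script actions.
DBADMIN ALL = (oracle) ORACLE_CLI, (postgres) PG_CLI, (root) DB_RESTART

# kenny is not prompted for a password. When several entries match,
# the last one wins, so this must come after the DBADMIN entry.
# A tag such as NOPASSWD carries over to the following commands in
# the same list until the opposite tag overrides it.
kenny ALL = (oracle) NOPASSWD: ORACLE_CLI, (postgres) PG_CLI, \
            (root) DB_RESTART

# Caveat: sqlplus (HOST) and psql (\!) can spawn a shell, so these
# grants are effectively shell access as oracle and postgres.
```

Check a fragment like this with `visudo -c -f <file>` before installing it. The "everybody logged locally" rule is left out because the host field in sudoers matches the machine sudo runs on, not where the user logged in from.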




