[OT] Debian mailinglists
Derek Broughton
news at pointerstop.ca
Tue May 20 18:48:15 UTC 2008
Marcin Kasperski wrote:
>> Indeed - but you'd have to convince me that there was actually a more
>> efficient way to do it. I cited visudo which actually prevents you from
>> saving the sudoers file if it's not valid, but I consider that a
>> half-solution. Especially for something as simple as sudoers - you only
>> need to know: who can have privilege, from what hosts, and what commands
>> they can use. That just cries out for a Q&A system.
>
> ROTFL. Please, design the Q&A system for sudo. Remember about setting
> user groups, and program groups (so for example I can create DBADMIN
> group, put john, kenny and bela to it, and grant them the right
> to run oracle sqlplus from oracle account and postgresql psql from
> postgres account, plus commands to restart those instances).
That's just who, what and where.
> Ah, and kenny should not be bothered with password prompt.
OK, I forgot that one.
>
> And everybody logged locally should be able to shutdown.
That's not a different case from the ones I originally presented.
>
> And so on.
>
> sudoers is a whole mini-language and you suddenly want to write
> it via Q&A...
>
It already _has_ a parser, it's not rocket science.
--
derek
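
Added example, not part of either poster's message or of sudo itself: a sketch of the question-and-answer idea debated above, turning answers (who, run-as account, commands, who skips the password prompt) into a sudoers fragment with aliases for the DBADMIN scenario. The function name, the alias naming scheme and the command paths are assumptions made for illustration; the output should still be checked with `visudo -cf <file>` before it is installed.

```python
import re

ALIAS_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")   # sudoers alias naming rule
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # conservative login-name check


def render_sudoers(group, users, grants, nopasswd=()):
    """grants maps a run-as account to a list of absolute commands."""
    if not ALIAS_RE.match(group):
        raise ValueError(f"bad alias name: {group!r}")
    for name in list(users) + list(grants) + list(nopasswd):
        if not USER_RE.match(name):
            raise ValueError(f"bad user name: {name!r}")
    if not set(nopasswd) <= set(users):
        raise ValueError("NOPASSWD user is not a member of the alias")
    lines = [f"User_Alias {group} = {', '.join(users)}"]
    rules = []
    for runas, commands in grants.items():
        for cmd in commands:
            # sudo matches commands by full path; also refuse characters
            # that are special in sudoers (wildcards, separators, escapes).
            if not cmd.startswith("/") or re.search(r"[,:=\\*?\[\]!#\n]", cmd):
                raise ValueError(f"unsafe command: {cmd!r}")
        alias = f"{group}_AS_{runas.upper().replace('-', '_')}"
        lines.append(f"Cmnd_Alias {alias} = {', '.join(commands)}")
        rules.append((runas, alias))
    for runas, alias in rules:
        lines.append(f"{group} ALL = ({runas}) {alias}")
    # The last matching entry wins in sudoers, so per-user NOPASSWD goes last.
    for user in nopasswd:
        for runas, alias in rules:
            lines.append(f"{user} ALL = ({runas}) NOPASSWD: {alias}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample answers; the command paths are placeholders.
    print(render_sudoers(
        "DBADMIN", ["john", "kenny", "bela"],
        {"oracle": ["/opt/oracle/bin/sqlplus", "/etc/init.d/oracle restart"],
         "postgres": ["/usr/bin/psql", "/etc/init.d/postgresql restart"]},
        nopasswd=["kenny"]), end="")
```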