[OT] Debian mailinglists

[Florian Diesch]

Derek Broughton <news at pointerstop.ca> wrote:

> Marcin Kasperski wrote:
>
>>> Indeed - but you'd have to convince me that there was actually a more
>>> efficient way to do it.  I cited visudo which actually prevents you from
>>> saving the sudoers file if it's not valid, but I consider that a
>>> half-solution.  Especially for something as simple as sudoers - you only
>>> need to know: who can have privilege, from what hosts, and what commands
>>> they can use.  That just cries out for a Q&A system.
>> 
>> ROTFL. Please, design the Q&A system for sudo. Remember about setting
>> user groups, and program groups (so for example I can create DBADMIN
>> group, put john, kenny and bela to it, and grant them the right
>> to run oracle sqlplus from oracle account and postresql psql from
>> postgres account, plus commands to restart those instances).
>
> That's just who, what and where.
>
>> Ah, and kenny should not be bothered with password prompt.
>
> OK, I forgot that one.
>> 
>> And everybody logged locally should be able to shutdown.
>
> That's not a different case from the ones I originally presented.
>> 
>> And so on.
>> 
>> sudoers is whole mini-language and you suddenly want to write
>> it via Q&A...
>> 
> It already _has_ a parser, it's not rocket science.

The parser isn't the difficult thing for most config files. But usually
it's difficult the design a GUI that's as powerful as the text file,
checks at least for the most common errors, has all the features like
arbitrary comments, versioned backups, restoring old versions even for
single values, showing diffs between several versions, fulltext search
and replace, ... and still is easy to use.


   Florian
-- 
<http://www.florian-diesch.de/>
-----------------------------------------------------------------------
**  Hi! I'm a signature virus! Copy me into your signature, please!  **
-----------------------------------------------------------------------