TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:21119] RH 5.1 question (sudo!)
Whoops. Change the root password and configure sudo. Some people can be
useful with full root access, others, well, you see what happens. =)
For example, I'd never want my little brother to have root access, but it is
ok for him (and my roomates) to use my cd burner:
# User alias specification
User_Alias BURNERS = adam, zibby, kbullock, andyzib, dieman
# Cmnd alias specification
Cmnd_Alias CDBURN = /usr/bin/xcdroast, /usr/bin/cdrecord, /usr/bin/mkisofs,
/usr/bin/cdparanoia
BURNERS ALL = NOPASSWD: CDBURN
Pretty slick. Downside of sudo (from a usiblaty standpoint) is you have to
define everything the frontend uses, I tried just putting xcdroast there
with a no go. From a security standpoint, this is a good thing.
Anyway, I'd suggest to your friend that she/he decide what admin is capible
of handling what tasks, and assigning those tasks via sudo instead of root.
As they learn more about UNIX/Linux, they can get more access.
Another good thing for (for new users and root) to do is alias rm in the
shell config.
( alias rm='rm -i' for bash and alias rm 'rm -i' for tcsh ) The -i switch
makes rm be interactive, meaning it confirms before removing. Might prevent
important things like /var from dissappearing.
--
Andy Zbikowski, Sys Admin | (WEB) http://www.ltiflex.com
LTI Flexible Products, Inc. | (PH) 763-428-9119 (EX) 132
21801 Industrial Blvd | (FX) 763-428-9126
Rogers, MN 55374 | (PCS) 612-306-6055
begin:vcard
n:Zbikowski;Andrew
tel;pager:612-306-6055
tel;cell:612-306-6055
tel;fax:763-428-9126
tel;home:763-591-0977
tel;work:763-428-9119
x-mozilla-html:FALSE
url:http://www.ltiflex.com
org:LTI Flexible Products;Information Services
adr:;;21801 Industrial Blvd.;Rogers;MN;55374;USA
version:2.1
email;internet:andyzb@ltiflex.com
title:Computer Systems Administrator
x-mozilla-cpt:;-13248
fn:Andrew Zbikowski
end:vcard