Hi list!

I have developped several Bourne shell scripts that help some users
to accomplish general tasks by choosing an option from a list of options.
Such options include, for example, displaying the size of filesystems,
(un)mounting filesystems, user account management (add/remove/lock users, etc).
As you can imagine, many of these options will require the user to have
superuser authorisations.

It would be desirable that only a few users have the permission to execute
these shell scripts. Following are my 2 approaches. I don't know which is
the best. In addition, but I need some further help details of how to
accomplish it, so any hint or suggestion would be highly appreciated.

Thanks in advance.

Make root the owner of these shell scripts (rwx). Create a group and make
the shell scripts only executable for users belonging to this new group (r-x).
For the rest of the world, no permissions. Until here, I see apparently no
problems. But what about the permissions to execute some of the commands
encapsulated by the shell scripts? For example, adding users, editing crontabs
of other users, (un)mounting filesystems... I wouldn't like the users belonging
to this new group to have/belong directly root permissions.

Create a special user whose shell entry could be the main shell script (the one
who shows the menu of options), that is, no /bin/sh entry or alike, instead
the full path to the script who shows the main menu. Then the users should be
allowed to change their ID to this special user (using su for example). Again,
once su'ed to this user, what the superuser permissions required by most of
the options showed in the menu?

************ LEGEZKO OHARRA / AVISO LEGAL / LEGAL ADVICE ************* 
Mezu honek isilpeko informazioa gorde dezake, edo jabea duena, edota legez 
babestuta dagoena. Zuri zuzendua ez bada, bidali duenari esan eta ezabatu, 
inori berbidali edo gorde gabe, legeak debekatzen duelako mezuak erabiltzea 
baimenik gabe. 
Este mensaje puede contener información confidencial, en propiedad o legalmente 
protegida. Si usted no es el destinatario, le rogamos lo comunique al remitente 
y proceda a borrarlo, sin reenviarlo ni conservarlo, ya que su uso no 
autorizado está prohibido legalmente.
This message may contain confidential, proprietary or legally privileged 
information. If you are not the intended recipient of this message, please 
notify it to the sender and delete without resending or backing it, as it is 
legally prohibited.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to