On Feb 22, 2007, at 11:02 AM, Jerry McAllister wrote:

Install and set up sudo  (/usr/ports/security/sudo) and create a
configuration for that user so they can run specific commands that
you specify and only those commands.   This is a very good method,
but sometimes it takes some careful thought to deal with the various
commands and their possible arguments that you want to allow or

This is my choice. I haven't done a careful comparison of all of the methods you proposed, but I find this the most natural, particularly after using OS X for 5 years.

This is what I do for myself (there are no other people with accounts on the particular machine.) In /etc/passwd I have a normal user and group that was setup during installation. A added that user to the wheel group in /etc/groups and configured /usr/local/etc/sudoers with the line

  %wheel  ALL=(ALL)       ALL

This works just fine. Users in the wheel group can use sudo to execute things as root, but they only need their own passwords. Root's password is extremely good and basically never used, so it is stored away in some secure manner and doesn't exist in anybody's head.

I like the idea of not having to give out a root-like password but still to require authentication when operating as root. Ever since I learned this trick from OS X, I've been using it everywhere I can install sudo.


Jeffrey Goldberg                        http://www.goldmark.org/jeff/

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to