On Feb 22, 2007, at 11:02 AM, Jerry McAllister wrote:
Install and set up sudo (/usr/ports/security/sudo) and create a
configuration for that user so they can run specific commands that
you specify and only those commands. This is a very good method,
but sometimes it takes some careful thought to deal with the various
commands and their possible arguments that you want to allow or
disallow.
This is my choice. I haven't done a careful comparison of all of the
methods you proposed, but I find this the most natural, particularly
after using OS X for 5 years.
This is what I do for myself (there are no other people with accounts
on the particular machine.) In /etc/passwd I have a normal user and
group that was setup during installation. A added that user to the
wheel group in /etc/groups and configured /usr/local/etc/sudoers with
the line
%wheel ALL=(ALL) ALL
This works just fine. Users in the wheel group can use sudo to
execute things as root, but they only need their own passwords.
Root's password is extremely good and basically never used, so it is
stored away in some secure manner and doesn't exist in anybody's head.
I like the idea of not having to give out a root-like password but
still to require authentication when operating as root. Ever since I
learned this trick from OS X, I've been using it everywhere I can
install sudo.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
