On 04/28/2012 09:50 AM, Zenny wrote: > On Sat, Apr 28, 2012 at 9:38 AM, Daniel Braniss <[email protected]> wrote: > >>> Hi: >>> >>> I could not figure out how to restrict users or other users from certain >>> privileges to execute certain commands in FreeBSD/NanoBSD? >>> >>> What I meant is I want to create a NanoBSD image in which there will be >> an >>> additional user, say 'admin'. I need to give this new user (admin) some >>> privileges to run some root-can-only-execute commands, but not all (ACL >>> similar to the firmwares in adsl modems from ISPs). >>> >>> I read Dru Lavingne's 'BSD Hacks' and Joseph Kong's 'Designing BSD >>> Rootkits' besides FreeBSD handbook, but I simply could not figure out. >>> Could anyone throw some light on this? Appreciate it! >>> >>> Thanks! >>> >>> /zenny >> try sudo from ports, security/sudo >> >> cheers, >> danny >> >> > Thanks Daniel, but sudo gives all (not selective) root privileges to the > user (admin in my case). So this is not what I am trying to achieve in my > original post. If sudo does not work then what about using ACLs?
$ chmod og-rwx /bin/dangerous $ setfacl -m "user:admin:rx" /bin/dangerous -- VZ
signature.asc
Description: OpenPGP digital signature
