> -----Original Message-----
> From: James Melin [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 13, 2005 02:02 PM
> To: [email protected]
> Subject: SUDO access granularity
>
> Is there any way to limit what processes someone could kill when using
> Sudo?
>
> Our websphere administrator wants the authority to kill a hung java thread
> should the need arise, and he wants the root password. I do not want to and
> will not give it to him. I am being directed by my management to 'just give
> it to him' but I really think that is an astonishingly bad idea.
>
> Is there a way to setup sudo so that if you issue a kill -9 against a
> thread it only allows it if the thread is owned by websphere?
>

Maybe not better, but easier (and safer) would be for you to write a
command/shell script to perform the actual "kill" and then give the admin
sudo access to THAT command.

Even better, would be to give the admin access to the effective UID that
the java thread runs under (he IS the admin, after all ;).

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to