Dominic Coulombe wrote:
Hi Alan,
I would use "sudo" for this purpose.
You can configure this user to execute only selected commands as root. The
user only need to provide his own password. Every attemps to run unallowed
commands is reported (logged).
You can allow the startup/shutdown script to be run by this user, but be
sure that the script is not writable by him, or you are giving root access
to the whole system...
sudo bash would give a root shell to this user...
When I installed opensuse here I discovered the default config for sudo
is to require the target users's password: this needs to be checked and
changed.
I surmise from others' responses that the SUSE scripts are a little fragile.
I expect a wrapper script that unsets all but known good environment
variables and explicitly sets PATH (maybe HOME) and any others needed
would be a reasonable workaround.
You can also do magic with ssh, restricting a user who authenticates
with a specific key to selected commands, perhaps one that says:
1. Start Apache
2. Reload Apache
3. Stop Apache
4. Apache status
Q. Bye
and validates the input would suffice.
Or a CGI (or similar) interface... Maybe Webmin.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
