Michael MacIsaac wrote:
John,
Why not set up "sudo" for that?
Yes, of course. Thanks. I added the following line to /etc/sudoers and
that did it:
%www ALL=NOPASSWD:/usr/bin/vmcp
That lets all the world to do whatever.
Consider some carefully-crafted scripts that vet the input to weed out
the uglies, and which invoke (safely) scripts in, perhaps,
/usr/local/controlled-sbin that perform the needed functions by running
/usr/bin/vmcp.
You limit access to /usr/local/controlled-sbin using standard Unix
ownerships and permissions, maybe in conjunction with selinux, and you
run sudo from within /usr/local/controlled-sbin.
You can further refine things by requiring the use of a password, which
sudo can read from stdin.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
Please do not reply off-list
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
