Scott Rohling wrote:
> We implemented this within IBM:
> - created userid 'support' on all Linux guests - made it a 'no login' user
> - Put support in sudoers to allow commands with NOPASSWD on all guests
> - Distributed the 'authorized_keys' to /home/support/.ssh with the support
> user's public key on the central system.
So in effect you have dozens (hundreds) of users all called "support."
I use the account name "summer" for most machines I use, but I (almost)
always create new keys on each one, and distribute them where needed.
You haven't explained to my understanding how your account "support"
differs from "root" in controlling what users might do willfully. I can
see it might prevent some accidents.
Are your support users prevented from this command?
sudo /bin/bash
--
Cheers
John
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
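
The question above, whether the 'support' sudoers entry permits `sudo /bin/bash`, can be checked mechanically. The following is an added example, not part of the original message or of the setup it describes; the two sudoers fragments are constructed, and only one level of Cmnd_Alias expansion is handled.

```python
import os
import re

# Programs that give an interactive root shell under sudo (illustrative, not exhaustive).
SHELLS = {"sh", "bash", "dash", "ksh", "zsh", "csh", "tcsh", "su"}
RULE = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(.*)$")

def shell_grants(sudoers_text, user):
    """Return [(command, reason)] for every rule that lets `user` reach a root shell."""
    aliases, findings = {}, []
    # Join backslash-continued lines before parsing line by line.
    text = re.sub(r"\\\n", " ", sudoers_text)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = RULE.match(line)
        if not m:
            continue
        who, name, rest = m.groups()
        # Strip Runas lists like (ALL) and tags like NOPASSWD: before splitting.
        rest = re.sub(r"\([^)]*\)|\b[A-Z_]+:", " ", rest)
        cmds = [c.strip() for c in rest.split(",") if c.strip()]
        if who == "Cmnd_Alias":
            aliases[name] = cmds
            continue
        if who != user:
            continue
        # Expand one level of Cmnd_Alias references.
        for cmd in [c2 for c in cmds for c2 in aliases.get(c, [c])]:
            if cmd.startswith("!"):
                continue  # a negated entry grants nothing
            prog = cmd.split()[0]
            if prog == "ALL":
                findings.append((cmd, "any command, including a shell"))
            elif os.path.basename(prog) in SHELLS:
                findings.append((cmd, "interactive shell"))
    return findings

# Constructed sudoers fragments for the 'support' account (not from the thread).
BROAD = "support ALL=(ALL) NOPASSWD: ALL\n"
SCOPED = """\
Cmnd_Alias SVC = /usr/bin/systemctl restart httpd, \\
                 /usr/bin/systemctl status httpd
support ALL=(root) NOPASSWD: SVC, /usr/bin/tail /var/log/messages
"""

if __name__ == "__main__":
    for label, text in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, shell_grants(text, "support"))
```

An empty result only means no rule names a shell directly; `sudo -l -U support` on the guest shows what sudo itself will allow.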