Root access loggin
freebsd-questions-local at be-well.ilk.org
Tue Jul 24 18:41:12 UTC 2007
Tom Grove <freebsd at voidmain.net> writes:
> You could even go so far as to limit what he can use sudo on.
> $>man sudo
> Giving him full root access is probably not a good idea.
In practice, this approach *is* effectively giving him full root
access. Once you have to give the tech the ability to edit root-owned
files, you have to trust his honesty. There are some important
advantages to doing it through sudo, though: one is that it makes it
easy for the user to keep track of just the root-privileged commands,
and another is that it's easier for the user to avoid shooting himself
in the foot.
To watch everything done by the remote-connected tech, the most
complete approach is probably watch(8), which is a much simpler way of
getting everything typed on a particular tty.
More information about the freebsd-questions