Restricting users from certain privileges
Konstantin Belousov
kostikbel at gmail.com
Sat Apr 28 09:48:02 UTC 2012
On Sat, Apr 28, 2012 at 11:29:58AM +0200, Dimitry Andric wrote:
> On 2012-04-28 09:50, Zenny wrote:
> > On Sat, Apr 28, 2012 at 9:38 AM, Daniel Braniss <danny at cs.huji.ac.il> wrote:
> ...
> >> try sudo from ports, security/sudo
> > Thanks Daniel, but sudo gives all (not selective) root privileges to the
> > user (admin in my case).
>
> This isn't true. With sudo, you can give specific users, or groups of
> users, restricted lists of commands they can run, and even specify on
> which particular machines they can be run.
Sure, but if the allowed commands were not specifically designed to
be run with elevated privileges, you typically give the user ability
to run any command with elevated privileges.
Even specially designed commands sometimes give away much more power
then intended.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20120428/89037c51/attachment.pgp
More information about the freebsd-stable
mailing list