user changable brightness?
olli at lurza.secnetix.de
Wed Sep 28 06:28:04 PDT 2005
Emanuel Strobl wrote:
> Oliver Fromme wrote:
> > [...]
> > How about using "sudo" or "super" (from ports collection)?
> Hmm, I never used these but I guess you have to enter the SuperUser
No, not necessarily. You can configure it in a way so that
a script can be executed by specific users (or groups) under
controlled conditions with root priviledges.
If you've never used "sudo" or "super" before, I suggest you
just give it a try and install /usr/ports/security/super.
(Personally I prefer "super", because its configuration is
Here's a simple real-world configuration example:
/srv/apache/cgi-bin/cvsweb /srv/apache/cgi-bin/cvsweb \
apache at example.de nargs=0 uid=cvs gid=<caller> \
This enables the "apache" user to run the cvsweb CGI as the
"cvs" user on the host example.de (with no arguments, and
only passing the environment variables given). No password
is required to be entered, obviously.
PS: In my opinion, there is no reason to implement ACLs,
permission modes or similar things for the sysctl MIB.
That would add significant complexity for no real benefit,
because there are already tools like sudo or super which
can be used with great flexibility.
For example, look at the existing sysctl vfs.usermount.
When set to 1, it allows ordinary users to mount devices
(provided they have access to the device and own the
But: What if you want to enable users in group A to mount
floppies and CDs, while allowing users in group B to mount
USB memory sticks, but only read-only? What if you want to
force them to mount things only in their home, but not in
/tmp or anywhere else? What if you want to enable mounts
only for those users who are logged on the console? What
if you want to restrict by date or time? What if you want
any user mount to be logged via syslog?
All of that is really trivial to do with "super" (each is
a one-liner in the configuration).
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"With sufficient thrust, pigs fly just fine. However, this
is not necessarily a good idea. It is hard to be sure where
they are going to land, and it could be dangerous sitting
under them as they fly overhead." -- RFC 1925
More information about the freebsd-current