Restricting users from certain privileges

Václav Zeman vhaisman at gmail.com
Sat Apr 28 09:14:01 UTC 2012


On 04/28/2012 09:50 AM, Zenny wrote:
> On Sat, Apr 28, 2012 at 9:38 AM, Daniel Braniss <danny at cs.huji.ac.il> wrote:
>
>>> Hi:
>>>
>>> I could not figure out how to restrict users or other users from certain
>>> privileges to execute certain commands in FreeBSD/NanoBSD?
>>>
>>> What I meant is I want to create a NanoBSD image in which there will be an
>>> additional user, say 'admin'. I need to give this new user (admin) some
>>> privileges to run some root-can-only-execute commands, but not all (ACL
>>> similar to the firmwares in adsl modems from ISPs).
>>>
>>> I read Dru Lavigne's 'BSD Hacks' and Joseph Kong's 'Designing BSD
>>> Rootkits' besides FreeBSD handbook, but I simply could not figure out.
>>> Could anyone throw some light on this? Appreciate it!
>>>
>>> Thanks!
>>>
>>> /zenny
>> try sudo from ports, security/sudo
>>
>> cheers,
>>        danny
>>
>>
> Thanks Daniel, but sudo gives all (not selective) root privileges to the
> user (admin in my case). So this is not what I am trying to achieve in my
> original post.
If sudo does not work then what about using ACLs?

$ chmod og-rwx /bin/dangerous
$ setfacl -m "user:admin:rx" /bin/dangerous

-- 
VZ
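
To check that the ACL suggested in the reply above leaves execute access with only the intended user, this added example (not part of the original thread) parses getfacl output and lists the entries that effectively hold execute once the mask is applied. The sample output and the helper names exec_principals and audit_exec are constructed for illustration, assuming the file started as root:wheel with mode 0755.

```shell
#!/bin/sh
# Constructed sample: `getfacl /bin/dangerous` output after the two commands
# in the reply, assuming the file started as root:wheel with mode 0755.
SAMPLE_ACL='# file: /bin/dangerous
# owner: root
# group: wheel
user::rwx
user:admin:r-x
group::---
mask::r-x
other::---'

# exec_principals (hypothetical helper): read getfacl text on stdin and print
# one "tag:name" line per entry that effectively grants execute. Named users,
# named groups and the owning group are capped by the mask entry; the file
# owner (user::) and other:: are not.
exec_principals() {
    awk -F: '
        BEGIN { n = 0; has_mask = 0 }
        /^#/ || NF < 3 { next }               # header comments, blank lines
        { tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3); n++ }
        $1 == "mask" { mask = substr($3, 1, 3); has_mask = 1 }
        END {
            for (i = 0; i < n; i++) {
                if (tag[i] == "mask") continue
                x = (perm[i] ~ /x/)
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (x && capped && has_mask && mask !~ /x/) x = 0
                if (x) print tag[i] ":" who[i]
            }
        }'
}

# audit_exec (hypothetical helper): succeed only when the single non-owner
# entry with effective execute is the expected user.
# usage: audit_exec EXPECTED_USER < getfacl-output
audit_exec() {
    got=$(exec_principals | grep -v '^user:$' | tr '\n' ' ')
    [ "$got" = "user:$1 " ]
}
```

On a live system the input would come from `getfacl /bin/dangerous | audit_exec admin`. On UFS, setfacl only works when the filesystem has ACL support enabled.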



More information about the freebsd-stable mailing list