Paul Johnson wrote:
<#secure method=pgp mode=sign> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gebhardt Thomas <[EMAIL PROTECTED]> writes:
it is possible to delegate the adding and removing of users to a
non-root account without getting too much security hassle?
(no alteration of system accounts possible, ...)
Yup.
If so, is there an easy established/preferred/canonical way to do this?
I believe sudo is probably what you're looking for. Other people
might be able to speak up about specific configurations needed to
facilitate limiting user ability to just adduser/deluser.
I already explained that doesn't work.
You can probably make a wrapper to make it safe, but allowing anyone the untramelled ability to create/change/delete accounts gives them the keys to the kingdom.
--
Cheers John
-- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]