* zhang zhengquan <zhang.zhengq...@gmail.com> [2009 Mar 28 19:27 -0500]: > I wonder if a sysadmin should keep the root privilege safe and not > give sudo to anybody anybody else. and if there is more secure ways of > enabling root privilege to normal users?
I'm no security or sudo expert, but it seems to me that the devs should only have access to the commands they need. For example if they need to install to /usr/local/ using `make install' you can enable that specific command. For example I did that for myself (single user box) so that I could run `sudo make install|uninstall' without having to enter my password: %USER HOSTNAME=NOPASSWD: /usr/bin/make I replace USER and HOSTNAME with my local values. The sudoers man page is quite extensive as well. - Nate >> -- "The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true." Ham radio, Linux, bikes, and more: http://n0nb.us/index.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
