Hi list!

I have developed several Bourne shell scripts that help some users
to accomplish general tasks by choosing an option from a list of options.
Such options include, for example, displaying the size of filesystems,
(un)mounting filesystems, user account management (add/remove/lock users, etc).
As you can imagine, many of these options will require the user to have
superuser authorisations.

It would be desirable that only a few users have the permission to execute
these shell scripts. Following are my 2 approaches. I don't know which is
the best. In addition, I need some further help with the details of how to
accomplish it, so any hint or suggestion would be highly appreciated.

Thanks in advance.

-----------
APPROACH 1:
-----------
Make root the owner of these shell scripts (rwx). Create a group and make
the shell scripts only executable for users belonging to this new group (r-x).
For the rest of the world, no permissions. Up to here, I apparently see no
problems. But what about the permissions to execute some of the commands
encapsulated by the shell scripts? For example, adding users, editing crontabs
of other users, (un)mounting filesystems... I wouldn't like the users belonging
to this new group to directly have root permissions.

-----------
APPROACH 2:
-----------
Create a special user whose shell entry could be the main shell script (the one
that shows the menu of options), that is, no /bin/sh entry or the like, instead
the full path to the script that shows the main menu. Then the users should be
allowed to change their ID to this special user (using su for example). Again,
once su'ed to this user, what about the superuser permissions required by most of
the options shown in the menu?


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions