On Tue, Mar 04, 2003 at 04:38:24PM -0600, Alec Berryman wrote: > > Now, here is my idea. Create a third user, 'admin'. Add 'admin' to the > > 'wheel' group instead of dcarrera, but give admin the ability to install > > regular packages. In other words, admin would have write access to /usr. > > > > So, when I want to install a regular package I would su to admin. And > > when I need to do something more (like modify /etc, /boot, /bin, etc) I > > would su again to become root. > > Yes and no. The problem comes when a program tries to install > system-wide settings to /etc. Everything from metalog to prozilla does > this. Gentoo doesn't do much with installing into /usr/local, but you > might want to investigate that if you are doing manual compilation.
Are all system-wide settings in a particular directory? (e.g. /etc/settings). If so, could I then create 'admin' and give him write access to /usr and - say - /etc/settings ? Would that be a good idea? (from the point of view of security). > Protecting /boot is equally as easy - make it a separate, small > partition and don't allow write access - or don't even mount it. Do I need /boot mounted to boot the system? Can I just comment out the '/boot ...' line in /etc/fstab? -- Daniel Carrera Graduate Teaching Assistant. Math Dept. University of Maryland. (301) 405-5137 -- [EMAIL PROTECTED] mailing list
