On Mon, Aug 4, 2008 at 10:35, David Brown <[EMAIL PROTECTED]> wrote: > On Mon, Aug 04, 2008 at 02:20:10AM -0700, Ralph Shumaker wrote: > > The manuals have enlightened me on some things, but confused me on many >> others. I want rafael to have full sudo access, but only if he is at this >> keyboard I am using right now, regardless of whatever IPv4 (or IPv6) address >> is currently assigned to eth0 by my DSL ISP. I don't know if the IPv6 >> address ever changes. I haven't paid attention. If it doesn't, perhaps I can >> somehow use that to lock it in? >> > > > Do you plan on not allowing remote logins for this user? > > I think this hits what is necessary for you to do what you want. Create two users for these people.
1) Can log in remotely only, and doesn't have sudo access to commands 2) Can log in locally, and does have sudo access to commands. I all you are trying to do is allow access to shutdown and reboot the system. PAM allows you to set restrictions for who and where you are allowed to reboot as and from. You might be able to affect access to run sudo using PAM, if sudo is compiled with PAM support. I really think PAM is your only solution on determining where a user is coming from for something like this, without writing a wrapper script of some sort. -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
