On Fri, 29 Apr 2011 12:05:24 +0000 (UTC) Stuart Henderson wrote: > This sort of menu might make things a little easier but it's not going > to make them safer, people can do quite enough damage with just these > options. >
Yeah, you can give read access to your users to the devices or log files required by tcpdump. But it expects root and will exit anyway. Running this especially as root on a firewall is not a brilliant idea. > If your colleagues are familiar with cisco-style CLI it might be > worth looking at nsh to make it easier for them, but if they're going > to have to learn from scratch whatever you do, it's probably more > useful to teach them the native tools. Yep those skills will be far more functional and will for the most part work on other far more cost effective and as or more useful applicances and for completely seperate uses too.
