On 9/16/07, Aaron W. Hsu <[EMAIL PROTECTED]> wrote:
> What exactly are you trying to enable users to do? The fact that you need to
> provide normal users with these kinds of privileges indicates a possible flaw
> in your overall scheme. You may find that, after careful reconsideration,
> there are precious few commands that you would actually have to allow the
> users to run with superuser privileges.

So what's the "ideal" way to do things? Adding joeuser to the wheel group and then adding

    joeuser ALL=(ALL) ALL

in sudoers? And when the joeuser account gets cracked, the cracker would be able to run privileged commands? That defies the whole purpose. The other possibility is to log in as root (when and where needed, that is) and do what is required. But afterboot(8) doesn't recommend that as an option.