On 9/16/07, Chris <[EMAIL PROTECTED]> wrote:
>
> So what's the "ideal" way to do things? Adding joeuser in the wheel
> group and then add - joeuser  ALL=(ALL) ALL in sudoers? And when the
> joeuser account gets cracked, the cracker would be able to run
> privileged commands? That defies the whole purpose. The other
> possibility is to login as root (when and where needed, that is) and
> do what is required. But afterboot(8) doesn't recommend that as an
> option.

From ESR's FAQ on asking useful questions
(http://catb.org/~esr/faqs/smart-questions.html#goal): "If you are
trying to find out how to do something (as opposed to reporting a
bug), begin by describing the goal. Only then describe the particular
step towards it that you are blocked on."

Why are you trying to give some users access to some privileged
commands, and can you give more examples of the commands they need
access to? There might be a better way to do what you're trying to do,
but we won't know that until we understand what it is you're trying to
do. (In the big picture sense, not in the "how do I make this work
with sudo?" sense.)

As far as adding users to the sudoers file, doing so usually implies a
certain level of trust. If you can not trust the user to monitor their
account, and if you cannot trust the user to use a strong password and
keep it secret, then you cannot trust the user with sudo access. Also,
every privileged command that you give the users access to is a
resource which they might use in a way that you didn't think of.

- R.
