> Well, i can't speak to COAS, as i haven't used it yet (the rpm version
> coredumps, and i haven't compiled source yet).  Linuxconf... well,
> it's dog slow, just coredumped on me when i clicked a "don't quit"
> button, etc, but those things can be fixed.  More importantly, though,
> it MUST run as root.  One of my fundamental design goals is to provide
> a secure tool for users to administrate any part of the system,
> without knowing the root password or executing any commands as root.
> The standard Unix mechanism for this is suid root, but suid programs
> are generally security holes.  Moreover, it's difficult to provide
> sophisticated access control that way, such as giving only one or two
> users certain root privileges.

Can't sudo or runas provide a sort of mechanism for access control lists?

> Take a common example from business environments running Novell... the
> help desk can change user passwords.  Do we simply hand root access to
> the help desk for this?  Nope... it should be possible to provide root
> authority for ONE task to ONE user, without giving them root password
> or giving others the same authority via suid.  Linuxconf can't do
> this.  My system should be able to do this, via access control lists.  

I don't understand.  Why shouldn't the help desk have root access?

