Re: System administration tool
- From: "Jesse D . Sightler" <jsight mindspring com>
- To: Dave Stagner <dave spnz org>
- Cc: John Kodis <kodis jagunet com>, gnome-devel-list gnome org
- Subject: Re: System administration tool
- Date: Sat, 10 Apr 1999 22:15:20 -0400
On Sat, 10 Apr 1999 15:16:20 Dave Stagner wrote:
> Well, i can't speak to COAS, as i haven't used it yet (the rpm version
> coredumps, and i haven't compiled source yet). Linuxconf... well,
> it's dog slow, just coredumped on me when i clicked a "don't quit"
> button, etc, but those things can be fixed. More importantly, though,
> it MUST run as root. One of my fundamental design goals is to provide
> a secure tool for users to administrate any part of the system,
> without knowing the root password or executing any commands as root.
> The standard Unix mechanism for this is suid root, but suid programs
> are generally security holes. Moreover, it's difficult to provide
> sophisticated access control that way, such as giving only one or two
> users certain root privileges.
Can't sudo or runas provide a sort of mechanism for access control lists?
> Take a common example from business environments running Novell... the
> help desk can change user passwords. Do we simply hand root access to
> the help desk for this? Nope... it should be possible to provide root
> authority for ONE task to ONE user, without giving them root password
> or giving others the same authority via suid. Linuxconf can't do
> this. My system should be able to do this, via access control lists.
I don't understand. Why shouldn't the help desk have root access?
---------------
Jesse D. Sightler
http://www3.pair.com/jsight/
"An honest answer can get you into a lot of trouble."
- Anonymous
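
The sudo approach asked about above, applied to the help-desk password case. This is an added example, not part of the original thread. The `%helpdesk` group is hypothetical and the `/usr/bin/passwd` path is an assumption about the system:

```sudoers
# Constructed sudoers fragment. "%helpdesk" is a hypothetical Unix group.

# Too broad: with no argument list, any arguments match, so this also
# permits "sudo passwd root" and a bare "sudo passwd", which changes
# root's own password.
# %helpdesk ALL = (root) /usr/bin/passwd

# Narrower: a user name argument is required and anything naming root
# is denied. Members authenticate with their own password, not root's.
%helpdesk ALL = (root) /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root, !/usr/bin/passwd *root*

# Caveat: wildcards in sudoers arguments also match spaces, so the rule
# above still accepts extra arguments after the user name. A small
# wrapper that validates exactly one user name is stricter.
```

Check the file with `visudo -cf <file>` before installing it, since a syntax error in sudoers can lock out sudo entirely.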