[vox-tech] User with root privileges
David Margolis
vox-tech@lists.lugod.org
Fri, 21 Nov 2003 10:09:40 -0800 (PST)
On Fri, 21 Nov 2003, Peter Jay Salzman wrote:
>
> ps- i will state again: the thing that you said is not a bad idea is
> STILL not accurate. UID != GID. you say it will "largely have the
> desired effect".
>
> i don't know about you, but when i'm administrating my system, i want to
> have THE desired effect. not largely the desired effect!
>
Well I have to admit I made an assumption about something that I've never
tried before.
I use sudo to get the exact desired effect I'm looking for which is this:
I put user davem (me) in /etc/sudoers and I say _davem can run these
six normally root only programs on this box_. These include ifconfig and
some other things I use alot and don't want to have to login as root with
my very annoying to type (which is a good thing) root password.
Somebody mentioned putting a user in the root group and I made the
assumption that would allow non-root users to _execute_ certain files on
the system (achieving a similar affect to what I do with sudo).
Well I just went into /sbin and did and ls -l * to see if I knew what I
was talking about, and I didn't. Most of the executables in there
(including the ones I would want to use) are owned by the group _bin_, so
I was way off base anyway.
So for all it's worth, you told me so.
I still maintain that sudo is the best way to do the sort of thing
described in the original e-mail, but I'm not 100% sure that's available
for Solaris. I also maintain that making anybody but root uid=0 is a
hack. If it's a clever hack that works, then by all means go for it.