Hi all; We are deploying Linux on developers' desktops and undergoing a review of what sort of security model we need. Since these are developers they have the knowledge and often the need to customize their system in various ways that require root access as they use it during their development efforts. One idea being floated is that, instead of giving users full root privileges to their desktop, they be allowed to run a well-defined set of commands via "sudo". Obviously this now pushes the battle down into the trenches of exactly what commands constitute this set, with the tug-of-war between the developers' need to manage their desktop, the security team's need to keep things secure, and IS's need to keep a maintainable environment. So, I was wondering if other folks here have gone through this exercise and have lists of commands that they allow for sudo, that works for them; or any advice on this. Thanks! -- ------------------------------------------------------------------------------- Paul D. Smith <psmith@xxxxxxxxxxxxxxxxxx> HASMAT--HA Software Mthds & Tools "Please remain calm...I may be mad, but I am a professional." --Mad Scientist ------------------------------------------------------------------------------- These are my opinions---Nortel Networks takes no responsibility for them. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
