I would not restrict usage on any individual system, this will just lead to frustration on the developers part. What are you trying to protect on individual systems? Consider a Windows solution instead as they are quite up on resticting user activities. PB On Thu, 2003-10-09 at 15:30, Paul Smith wrote: > Hi all; > > We are deploying Linux on developers' desktops and undergoing a review > of what sort of security model we need. Since these are developers they > have the knowledge and often the need to customize their system in > various ways that require root access as they use it during their > development efforts. > > One idea being floated is that, instead of giving users full root > privileges to their desktop, they be allowed to run a well-defined set > of commands via "sudo". > > Obviously this now pushes the battle down into the trenches of exactly > what commands constitute this set, with the tug-of-war between the > developers' need to manage their desktop, the security team's need to > keep things secure, and IS's need to keep a maintainable environment. > > > So, I was wondering if other folks here have gone through this exercise > and have lists of commands that they allow for sudo, that works for > them; or any advice on this. > > Thanks! > > -- > ------------------------------------------------------------------------------- > Paul D. Smith <psmith@xxxxxxxxxxxxxxxxxx> HASMAT--HA Software Mthds & Tools > "Please remain calm...I may be mad, but I am a professional." --Mad Scientist > ------------------------------------------------------------------------------- > These are my opinions---Nortel Networks takes no responsibility for them. > ________________________________________________________________________ E-mail is an informal method of communication and may be subject to data corruption, interception and unauthorised amendment for which Digital Bridges Ltd will accept no liability. Therefore, it will normally be inappropriate to rely on information contained on e-mail without obtaining written confirmation. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ________________________________________________________________________ -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
