%% jurvis lasalle <lasalle@xxxxxxxx> writes: jl> What kind of authentication is done at your site? I'm assuming jl> since you've only mentioned NFS that you're concerned about users jl> changing their UID and snooping around. What utilities would your jl> users need to change their UID? If you have general root access you can change your UID to anything you want. I guess I'm not sure what you're asking here. jl> Keep in mind one of my favorite quotes about sudo from Linux jl> Administration Handbook by Nemeth et al - "Generally speaking, any jl> attempt to "allow all commands except..." is doomed to failure, at jl> least in a technical sense." I agree with this. In fact I never even considered this approach. jl> If I were you, I would create a very restrictive sudoers file and jl> then add to it as your developers request new commands. That's exactly what I was planning on doing. But I'd prefer to start with a list (or lists) of commands that others have already found useful in their environments, so we can go through that and save ourselves some headaches up-front. I guess I'm out of luck though--I'll pile on the Advil! :). -- ------------------------------------------------------------------------------- Paul D. Smith <psmith@xxxxxxxxxxxxxxxxxx> HASMAT--HA Software Mthds & Tools "Please remain calm...I may be mad, but I am a professional." --Mad Scientist ------------------------------------------------------------------------------- These are my opinions---Nortel Networks takes no responsibility for them. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
