On Wed, 2005-04-06 at 14:59, Chethiya K Ranaweera wrote: > On Apr 6, 2005 1:32 AM, Michael Green <mishagreen@xxxxxxxxx> wrote: > > On Apr 6, 2005 6:22 AM, Justin Zygmont <jzygmont@xxxxxxxxxxxxx> wrote: > > > sudo can't actually do everything, for instance how could you do an: > > > echo "aaaaa" >>file to a file which is only writable by root? > > > > Do > > sudo -s > > and then you can do anything you want. > > > Giving root password to a user is not wise. My question is why can't > we give change GID to 0 or some thingelse and grant any aceess to > somebody else, let's say, a part-time administrator?? So that he can > update the system, look in /lost+found ...etc. Granting even partial privileges problematic. You must trust the user you are giving that ability to. Allowing someone to update the system and access pretty much anything on the system via any means is the same as giving them root password. If you are trying to provide limited admin access the proper way is what has been suggested, use sudo to provide the limited access. If you want to allow someone to do pretty much anything then they should be allowed to use su - to get root access. If you don't trust them with that then I would not trust them to update the system. Not giving out root access but allowing them to do anything on the system that requires root access does not make much sense. -- Scot L. Harris webid@xxxxxxxxxx Do not take life too seriously; you will never get out of it alive.
