On Wed, 2005-04-06 at 14:21, Scot L. Harris wrote: > > > > Giving root password to a user is not wise. My question is why can't > > we give change GID to 0 or some thingelse and grant any aceess to > > somebody else, let's say, a part-time administrator?? So that he can > > update the system, look in /lost+found ...etc. > > Granting even partial privileges problematic. You must trust the user > you are giving that ability to. Allowing someone to update the system > and access pretty much anything on the system via any means is the same > as giving them root password. > > If you are trying to provide limited admin access the proper way is what > has been suggested, use sudo to provide the limited access. > > If you want to allow someone to do pretty much anything then they should > be allowed to use su - to get root access. If you don't trust them with > that then I would not trust them to update the system. > > Not giving out root access but allowing them to do anything on the > system that requires root access does not make much sense. Realistically, someone who had to ask that question in the first place is not going to be able to configure sudo to the extent needed to allow a useful set of operations but prevent unauthorized operations. That's probably not even possible - for example you might want an operator to be able to change all passwords except for root. So, you might as well admit that you have to trust the person doing the administration. If you don't, I'd consider webmin as a better starting place than sudo. -- Les Mikesell les@xxxxxxxxxxxxxxxx