System administration
David Goodenough
dg at lakart.UUCP
Fri Nov 25 08:39:28 AEST 1988
>From article <17633 at adm.BRL.MIL>, by D_AGC%vaxa.nerc-keyworth.ac.uk at nss.cs.ucl.ac.uk:
] I'm looking for one or more utilities which could be used to provide a
] limited and well controlled system administration environment for a
] generic unix system. The intention is that these could be used by a
] designated user (or users) to create (maybe delete) user accounts,
] initiate file-sys saves and restores, and other system admin type
] stuff without requiring that anyone log on as superuser because (where
] necessary) the software would setuid superuser.
]
] The sys admin environment would be used by a trusted user of the
] system who would need to be both protected from the system and from
] whom the system would need to be protected. It would not have to be
] all embracing, merely to cover the more common requirements, such as
] those just mentioned, as anything more demanding would be done by a
] member of the computer services staff.
I don't know if it will be posted, but I submitted a program "secure"
to comp.sources.unix. This could very easily be changed to do what is
wanted here: simply have it check if the real user id of it's invoker
is on some form of trusted list. Then by changing the things in the
list of secure programs, you'd be all set. If secure does get approved,
people might want to comment on the viability of doing this.
--
dg at lakart.UUCP - David Goodenough +---+
| +-+-+
....... !harvard!xait!lakart!dg +-+-+ |
AKA: dg%lakart.uucp at harvard.harvard.edu +---+
More information about the Comp.unix.questions
mailing list