more on superuser
grd
grd at iwu1d.UUCP
Tue Jun 19 05:19:54 AEST 1984
...
Dave:
We had a similiar problem like this which we resolved as
follows:
We used two login accounts to accomplish this task.
Login xx root level was owned by login yy. The profile
was also owned by login yy and granted write permission via su
within the profile. A limited number of functions were allowed
via profile control. Traps were set to ignore breaks etc on login.
This will prevent the su people to even look at anything because
the permission level will not permit them to do so. The only
fallacy... They still can play games etc in the /usr/tmp or /tmp
or their own ids, but I don't think you were concered about this
because if they already have an account on the machine,
they work for the company.
Garry R. Daly
iwu1d!grd
AT&T-T
..
More information about the Comp.unix
mailing list