Ideas for ssh / sudo
pll at mclinux.com
Tue Oct 10 15:05:58 EDT 2000
In a message dated: 11 Oct 2000 00:41:36 +0600
>I have a problem that maybe someone on the list can help me out on.
>I need a to set up my sales guys to be able to addemail aliases on a
>server which they don't have accounts on. I was planning on useing sudo
>and ssh to do it. If anyone has done this or something close to it.
>Please drop me a email with any ideas or problems that you ran into.
Well, you could easily let them do something like:
sudo <some priv. account> ssh <restricted system>
However, they are then logged into that system as that user and have all the
priviledges of that users. What I would recommend is either create them
each accounts on that server which have the right to edit the aliases file,
or, better yet, what I would do here, is set up a web page they must log into
which asks them for an alias name and a list of user names/e-mail addresses
to add to the list, then have the web server kick off the update of the
aliases file. Though there is a certain level of insecurity in that as well.
Thinking about it, it may be better to set up something like majordomo or
mailman and give them admin priviledges to certainn mail lists. That way they
can update it to their hearts content.
If I come up with anything else, I'll post it here :)
I'm in shape, my shape just happens to be pear!
If you're not having fun, you're not doing it right!
More information about the sudo-users