Ideas for ssh / sudo
n9bc at netnet.net
Tue Oct 10 15:19:10 EDT 2000
Thanks for the input. I was thinking about the webpage idea. But I'd
rather not have a web server running on that machine. If you can think
of anything else let me know.
> In a message dated: 11 Oct 2000 00:41:36 +0600
> Brent said:
> >I have a problem that maybe someone on the list can help me out on.
> >I need a to set up my sales guys to be able to addemail aliases on a
> >server which they don't have accounts on. I was planning on useing sudo
> >and ssh to do it. If anyone has done this or something close to it.
> >Please drop me a email with any ideas or problems that you ran into.
> Well, you could easily let them do something like:
> sudo <some priv. account> ssh <restricted system>
> However, they are then logged into that system as that user and have all the
> priviledges of that users. What I would recommend is either create them
> each accounts on that server which have the right to edit the aliases file,
> or, better yet, what I would do here, is set up a web page they must log into
> which asks them for an alias name and a list of user names/e-mail addresses
> to add to the list, then have the web server kick off the update of the
> aliases file. Though there is a certain level of insecurity in that as well.
> Thinking about it, it may be better to set up something like majordomo or
> mailman and give them admin priviledges to certainn mail lists. That way they
> can update it to their hearts content.
> If I come up with anything else, I'll post it here :)
> I'm in shape, my shape just happens to be pear!
> If you're not having fun, you're not doing it right!
More information about the sudo-users