Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!vsi1!altnet!uunet!portal!cup.portal.com!
From: thad@cup.portal.com (Thad P Floryan)
Newsgroups: comp.unix.wizards
Subject: Re: Reasons for restricting su privilege?
Message-ID: <10238@cup.portal.com>
Date: 20 Oct 88 06:46:12 GMT
References: <6606@pyr.gatech.EDU>
Organization: The Portal System (TM)
Lines: 12

I'm still a "new" SysAdmin so haven't yet formulated policy along the lines
of David Brown's question about restricting super-user privileges, but it'd
seem good sense to me to have (at least) two trusted people at a site with
the capability of su'ing in case one person is ill, out of town, etc.

Re: a program executing "restricted super-user" commands, I recall "something"
named "sudo.c" in the archives that could be the basis for such restriction.
The restricted scope would be defined upon interrogation of a database, the
nature of the command(s), etc.


Thad Floryan [thad@cup.portal.com (OR) ...!sun!portal!cup.portal.com!thad]