Allowing users to start or stop a service
Greetings and happy thanksgiving to all! Now, down to business... We have a set of users who need the power to stop/start their own particular service/daemon. I've tried granting user rights directly to the init script, but that doesn't work. I am looking into sudo, but am not sure it can be specific to only 1 service, and not all of them? let me know what ya'll think and THANKS!
Yeah you can limit a sudoer execution to one script or program. This has the added benefit of being rather extensible, just by modifiying the sudoers file Happy T-day -Andy On 11/24/05, Mike Leo <mleo963@yahoo.com> wrote:
Greetings and happy thanksgiving to all!
Now, down to business...
We have a set of users who need the power to stop/start their own particular service/daemon.
I've tried granting user rights directly to the init script, but that doesn't work.
I am looking into sudo, but am not sure it can be specific to only 1 service, and not all of them?
let me know what ya'll think and THANKS!
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
-- -Andy
Mike> We have a set of users who need the power to Mike> stop/start their own particular service/daemon. Mike> I've tried granting user rights directly to the init Mike> script, but that doesn't work. Nope, this won't work at all. Mike> I am looking into sudo, but am not sure it can be specific to Mike> only 1 service, and not all of them? sudo will do exactly what you want, but you also need to be careful that the user(s) can't run arbitrary program from with sudo or the script(s) they are allowed to run. For example: sudo vi /path/to/file is just a gaping security hole, since the user can now either push to to a sub-shell from within vi, or edit another file. Go see the docs and such on: http://www.courtesan.com/sudo/ and I really recommend that you go with this tool. John
Thanks for the feed back...I will continue down the sudo path. --- John Stoffel <john@stoffel.org> wrote:
Mike> We have a set of users who need the power to Mike> stop/start their own particular service/daemon.
Mike> I've tried granting user rights directly to the init Mike> script, but that doesn't work.
Nope, this won't work at all.
Mike> I am looking into sudo, but am not sure it can be specific to Mike> only 1 service, and not all of them?
sudo will do exactly what you want, but you also need to be careful that the user(s) can't run arbitrary program from with sudo or the script(s) they are allowed to run.
For example:
sudo vi /path/to/file
is just a gaping security hole, since the user can now either push to to a sub-shell from within vi, or edit another file. Go see the docs and such on: http://www.courtesan.com/sudo/ and I really recommend that you go with this tool.
John _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
participants (3)
-
Andrew Mellors -
John Stoffel -
Mike Leo