Path: utzoo!utgpu!watmath!clyde!ima!cfisun!lakart!dg
From: dg@lakart.UUCP (David Goodenough)
Newsgroups: comp.unix.questions
Subject: Re: System administration
Message-ID: <339@lakart.UUCP>
Date: 24 Nov 88 22:39:28 GMT
References: <17633@adm.BRL.MIL>
Organization: Lakart Corporation, Newton, MA
Lines: 27

From article <17633@adm.BRL.MIL>, by D_AGC%vaxa.nerc-keyworth.ac.uk@nss.cs.ucl.ac.uk:
] I'm looking for one or more utilities which could be used to provide a
] limited and well controlled system administration environment for a
] generic unix system. The intention is that these could be used by a
] designated user (or users) to create (maybe delete) user accounts,
] initiate file-sys saves and restores, and other system admin type
] stuff without requiring that anyone log on as superuser because (where
] necessary) the software would setuid superuser.
]
] The sys admin environment would be used by a trusted user of the
] system who would need to be both protected from the system and from
] whom the system would need to be protected. It would not have to be
] all embracing, merely to cover the more common requirements, such as
] those just mentioned, as anything more demanding would be done by a
] member of the computer services staff.

I don't know if it will be posted, but I submitted a program "secure"
to comp.sources.unix. This could very easily be changed to do what
is wanted here: simply have it check if the real user id of its
invoker is on some form of trusted list. Then by changing the things
in the list of secure programs, you'd be all set.

If secure does get approved, people might want to comment on the
viability of doing this.
--
        dg@lakart.UUCP - David Goodenough               +---+
                                                        | +-+-+
        ....... !harvard!xait!lakart!dg                 +-+-+ |
AKA:    dg%lakart.uucp@harvard.harvard.edu                +---+
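
The check the reply describes, a setuid wrapper that authorizes on the invoker's real user id and runs only commands from a fixed list, sketched in C as an added example; it is not the "secure" program or any code from the post. The UIDs, command names and paths in the tables are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample policy (assumption): trusted real UIDs, permitted commands. */
static const uid_t trusted_uids[] = { 1001, 1002 };
static const struct { const char *name, *path; } commands[] = {
    { "adduser", "/usr/sbin/useradd" },
    { "backup",  "/usr/local/sbin/fs-backup" },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Setuid-root makes the effective UID 0; only getuid() identifies the invoker. */
static int uid_is_trusted(uid_t ruid)
{
    for (size_t i = 0; i < COUNT(trusted_uids); i++)
        if (trusted_uids[i] == ruid)
            return 1;
    return 0;
}

/* Exact match on a short name; the invoker never supplies a path. */
static const char *lookup_command(const char *name)
{
    for (size_t i = 0; name != NULL && i < COUNT(commands); i++)
        if (strcmp(commands[i].name, name) == 0)
            return commands[i].path;
    return NULL;
}

/* Returns the absolute path to run, or NULL when the request is refused. */
static const char *authorize(uid_t ruid, const char *name)
{
    return uid_is_trusted(ruid) ? lookup_command(name) : NULL;
}

int main(int argc, char **argv)
{
    const char *path = authorize(getuid(), argc > 1 ? argv[1] : NULL);
    if (path == NULL)
        return 1;   /* refused: untrusted UID or command not on the list */
    /* Fixed argv and environment: nothing from the invoker reaches the command. */
    char *const args[] = { (char *)path, NULL };
    char *const env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    execve(path, args, env);
    perror("execve");
    return 1;
}
```

Both tables are compiled in, so changing the policy means rebuilding the binary; a wrapper that reads its lists from a file has to make sure that file is writable only by root.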