From: Michael Zawrotny (zawrotny_at_jaguar.sb.fsu.edu)
Date: 10 Jun 2005 13:22:54 GMT
On Fri, 10 Jun 2005 07:36:53 GMT, Jacco <email@example.com> wrote:
> How things stand now its necessary for me to provide the root
> password if users want to modify their own systems. Given they are
> the customers I cannot really deny this.
Take a look into sudo. It was designed to allow administrators to
allow limited root privileges for selected commands and/or users (and
combinations thereof). To really lock down what people can do will
take more reading and work (not allowing programs with shell escapes,
etc.), but there is a lot of information out there on how to do that
if it is worthwhile for you to do so.
> Anyway if I refuse to give it to them they will just reboot into
> maintenance mode and change it and then do what they like possibly
> causing more damage.
Then you make sure that the terms of your contract with them clearly
state that fixing problems that they make by circumventing their user
accounts is outside of the contracted work, and will result in
-- Michael Zawrotny Institute of Molecular Biophysics Florida State University | email: firstname.lastname@example.org Tallahassee, FL 32306-4380 | phone: (850) 644-0069