Sudo as Another User
Philippe Casgrain
casgrain at magellan.umontreal.ca
Wed Feb 25 19:27:50 PST 2004
Gretchen Hayman <gretchen at sedl.org> wrote:
> By default in Mac OS X, _ANY_ admin user automatically has sudoer
> privileges(!). I prefer to make such security decisions myself, so we
> edit our /etc/sudoers files to only allow certain admin accounts to
> have sudoer privileges. Basically it boils down to the fact that there
> are some users I would trust to use Software Update, but wouldn't trust
> with sudoer powers. They know just enough to be incredibly
> dangerous/stupid, so no sense handing them a loaded weapon to practice
> with.
While I'm not privy to the details of your setup, why not make these
users regular users? That's my solution, even I am a regular user on my
system(s). I have an admin account on each system, and it doesn't show
up in the LoginWindow because I cleared its "realname" in NetInfo
manager. That prevents the casual user from even finding out the name
of the admin account (they can find it in NetInfo manager, of course).
Software Update can be run remotely, through ssh and the command line,
so it's a non-issue for me.
Philippe
More information about the X-Unix
mailing list