Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Quit yer Whining' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Quit yer Whining
Authored by: bidmead on Feb 20, '03 05:08:09PM

Not to mention the fact that sudo as a command can't properly be tailored to a particular system unless someone on the system has access to /etc/sudoers for editing -- ie, is root.

Any properly managed UNIX system needs root access. The trick is to confine root use only to managing the system, not as a general purpose user.

--
el bid



[ Reply to This | # ]
Quit yer Whining
Authored by: ashill on Feb 20, '03 06:39:07PM

Mac OS X is configured so that all administrators are placed in the admin (80) group, and the admin group is given sudo privileges in /etc/sudoers. Therefore, administrators can edit /etc/sudoers by "sudo visudo", and can create more groups and assign individual non-admin users or groups whatever sudo privileges they merit (none, by default). If an administrator removes the admin group's permission to edit the config file, root has to be enabled, but that's why you only give admin access to people you trust!

Mac OS X does not need root access to be properly managed because administrators have the privileges to temporarily become root (via sudo) to do anything that needs to be done, and this is without sharing one root password among (potentially) multiple administrators.

-Alex Hill



[ Reply to This | # ]