On Tue, Sep 11, 2012 at 11:51:30PM +0100, Neil Bothwick wrote

> It's the idea of leaving a root console open for all to access that is
> the issue, not the commands you run in it.

Fully agree that's a bad idea. My system uses sudoers. I.e. in
/etc/sudoers.d/001 I have the lines...

user2 d531 = (root) NOPASSWD: /usr/local/bin/ux *
waltdnes d531 = (root) NOPASSWD: /usr/local/bin/ux *

...where /usr/local/bin/ux consists of...

#!/bin/busybox ash
pumount ${1}

...and in my home directory I have ~/bin/um which consists of...

#! /bin/busybox ash
sudo /usr/local/bin/ux ${1}

...So I can, as a regular user, execute at the commandline...

um sdb1

...and /media/sdb1 is unmounted. No need to log on as root or have a
root shell.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
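
Added example, not part of the original post or the poster's script: the sudoers entries above end in `*`, so sudo passes any arguments through to `ux`, and an unquoted `${1}` is word-split by the shell before `pumount` runs as root. One way to tighten the wrapper is to allowlist the argument and quote it. This assumes device names of the form `sdXN` mounted under `/media`; the function names `valid_dev`, `is_media_mount` and `ux_main` are hypothetical, and `/bin/sh` stands in for busybox ash.

```shell
#!/bin/sh
# Added example: stricter variant of the ux wrapper (not the poster's script).
LC_ALL=C; export LC_ALL   # make [a-z] ranges locale-independent

# Accept exactly one argument shaped like sdb, sdb1 or sdb12.
# Anything with slashes, leading dashes or whitespace fails the allowlist.
valid_dev() {
    [ "$#" -eq 1 ] || return 1
    case "$1" in
        sd[a-z]|sd[a-z][0-9]|sd[a-z][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# True if /media/<dev> is a mount point in the given mounts table.
# Second argument is the table to read (assumed default: /proc/mounts);
# field 2 of each line is the mount point.
is_media_mount() {
    table=${2:-/proc/mounts}
    while read -r _src mnt _rest; do
        if [ "$mnt" = "/media/$1" ]; then
            return 0
        fi
    done < "$table"
    return 1
}

ux_main() {
    if ! valid_dev "$@"; then
        echo "usage: ux sdXN" >&2
        return 2
    fi
    if ! is_media_mount "$1"; then
        echo "ux: /media/$1 is not mounted" >&2
        return 1
    fi
    pumount "$1"    # quoted, so pumount receives exactly one word
}

# Run only when given arguments, so the file can also be sourced for testing.
if [ "$#" -gt 0 ]; then
    ux_main "$@"
fi
```
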