Great Circle Associates Firewalls
(August 1994)
 


Subject: Re: root account and routine work
From: Steve Simmons <scs @ lokkur . dexter . mi . us>
Date: Wed, 24 Aug 1994 19:58:41 -0400 (EDT)
To: Firewalls @ GreatCircle . COM
In-reply-to: <199408241221 . IAA09091 @ lokkur . dexter . mi . us> from "Steve Simmons" at Aug 24, 94 08:21:46 am

>Since we're talking favorite 'run a job as root' tools, I love `op'.
>It gives you much finer control than any other tool I've seen.

40 mail messages requested more detail... so much for brevity being
the soul of wit.

What makes op good:

Op runs based on an access table with a format like so:

===============================================================
# People we allow to manage the net
startppp        /etc/root/.bin/startppp ; users=scs,clif,ruth,jnd
killppp         /etc/root/.bin/killppp $* ; users=scs,clif,ruth,jnd
mount           /etc/mount $* ; users=scs
umount          /etc/umount $* ; users=scs
#
# For shutdowns
#
shutdown        /etc/shutdown -h +1 "Shutdown by user action" ; users=scs,clif,ruth
#
# For steve only
tcsh            /usr/bin/tcsh -l ; users=scs password
===============================================================

The first column is the name of the op command people can give, eg,
`op shutdown'.  The second is the action that is taken when the command
is given.  The third (following the semicolon) is the access control.
In the first two entries, we allow select users to turn the PPP link
on and off.  In the second two, I allow myself to do any mounts/umounts
I want without having to su to root.  I can use whatever mount parameters
I want.

The shutdown entry permits trusted folks to shut down the machine, but
restricts them to the parameters shown.

The tcsh entry is analogous to 'su -', but only works for me *and* requires
I type my personal password when giving it.

Op has other neat features as well; the man page bears careful reading.

I've put a copy on ftp.msen.com in pub/packages/utils/op.tar.gz.  Enjoy.
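
The three-column access table described in the message above, modelled as an added example (not part of the original post and not op's own code). The function names `parse_table` and `resolve` are hypothetical, only the `users=` and `password` fields shown in the message are handled, and rejecting caller arguments for entries without `$*` is this model's assumption about how the restriction is enforced.

```python
import shlex

# Constructed sample: entries copied from the access table in the message.
TABLE = '''\
# For shutdowns
killppp         /etc/root/.bin/killppp $* ; users=scs,clif,ruth,jnd
mount           /etc/mount $* ; users=scs
shutdown        /etc/shutdown -h +1 "Shutdown by user action" ; users=scs,clif,ruth
tcsh            /usr/bin/tcsh -l ; users=scs password
'''

def parse_table(text):
    """Return {name: (argv_template, allowed_users, needs_password)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        left, sep, acl = line.rpartition(";")
        if not sep:
            raise ValueError(f"entry without access control: {line!r}")
        name, *argv = shlex.split(left)  # keeps the quoted message as one argument
        users, needs_password = set(), False
        for field in acl.split():
            if field.startswith("users="):
                users = set(field[len("users="):].split(","))
            elif field == "password":
                needs_password = True
        entries[name] = (argv, users, needs_password)
    return entries

def resolve(entries, user, name, extra_args=()):
    """Return (argv, needs_password) if permitted, else raise PermissionError."""
    if name not in entries:
        raise PermissionError(f"no such op command: {name}")
    template, users, needs_password = entries[name]
    if user not in users:  # an entry with no users= field admits nobody
        raise PermissionError(f"{user} may not run {name}")
    if "$*" not in template and extra_args:
        # Assumption of this model: fixed entries refuse caller arguments.
        raise PermissionError(f"{name} takes no caller-supplied arguments")
    argv = []
    for tok in template:
        # $* expands to the caller's arguments; every other token is fixed.
        argv.extend(extra_args if tok == "$*" else [tok])
    return argv, needs_password
```
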

