[BLUG] A Couple Questions
Simon Ruiz
blug_at_mailman.cs.indiana.edu
Wed, 31 Jan 2007 11:54:20 -0500
I'd be the user, so couldn't I just keep it in my home folder?
Policy is: No.
Policy also is: Don't bother us about your Linux stuff.
I'm not wanting to allow anyone but myself (administrator) to run administrative commands at all. And I don't want to disable password prompting completely, it's saved me from stupid mistakes before. Just maybe set it up so a specific script that needs to do a specific command can bypass the password prompting (maybe there's a command line switch I could use...) so I don't have to run around to every single computer to run the script.
And yes, that's very comforting...another reason why I'd want to keep it in a central location and rm it immediately afterwards (both from the workstations and from the server).
Now, lunch beckons, cya later!
Simón
________________________________
From: blug-admin_at_cs.indiana.edu on behalf of Gaddis, Jeremy L.
Sent: Wed 1/31/2007 11:24 AM
To: blug_at_cs.indiana.edu
Subject: RE: [BLUG] A Couple Questions
My example was for PHP, specifically. You *could* do something similar
for shell scripts as well, but remember that the password always has to
be *somewhere* that's readable by the user running the script.
Talk to your Active Directory admins, by the way. It is (technically)
possible for them to set up a separate account for you that only has
permissions to join workstations to the domain (without any other
"administrative" permissions) -- whether they would do so may be a
matter of policy, however.
You can make it possible for users to run certain commands as root using
sudo without requiring a password as well (see /etc/sudoers).
If they boot a LiveCD, nothing is safe. Comforting, huh? =)
--
Jeremy L. Gaddis
Network Administrator
812.330.6156 (w) 812.391.0358 (m)
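
One way to act on the /etc/sudoers suggestion in the quoted message, as an added example that is not part of the original thread: a passwordless entry for a single script is only as restrictive as the permissions on that script, so the check below verifies the file and its directory before the entry is installed. The user name, script path, drop-in file name and function names are hypothetical.

```shell
# Added example; names and paths are hypothetical, not from the thread.
# Sudoers entry limited to one script (edit with: visudo -f /etc/sudoers.d/join-domain):
#   simon ALL=(root) NOPASSWD: /usr/local/sbin/join-domain.sh ""
# The trailing "" makes sudo refuse any command-line arguments.
# Validate the result with: visudo -c

# not_writable_by_others PATH OWNER_UID
# Succeeds only if PATH is owned by OWNER_UID and has no group/other write bit.
# Symlinks are rejected too, because ls reports them as lrwxrwxrwx.
not_writable_by_others() {
    line=$(ls -ldn -- "$1" 2>/dev/null) || return 1
    mode=$(printf '%s\n' "$line" | awk '{print $1}')   # e.g. -rwxr-xr-x
    uid=$(printf '%s\n' "$line" | awk '{print $3}')    # numeric owner (-n)
    [ "$uid" = "$2" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write set
    esac
    return 0
}

# safe_nopasswd_target SCRIPT [OWNER_UID]
# OWNER_UID defaults to 0 (root); it is a parameter only so the check can be
# exercised without root. This covers the script and its containing directory;
# a full audit would repeat the directory check for every parent up to /.
safe_nopasswd_target() {
    script=$1
    owner=${2:-0}
    [ -f "$script" ] || { echo "not a regular file: $script" >&2; return 1; }
    dir=$(dirname -- "$script")
    not_writable_by_others "$script" "$owner" ||
        { echo "unsafe file (owner or write bits): $script" >&2; return 1; }
    not_writable_by_others "$dir" "$owner" ||
        { echo "unsafe directory (owner or write bits): $dir" >&2; return 1; }
    return 0
}
```

If the check fails, anyone who can rewrite or replace the script can run arbitrary commands as root without a password, which is the case the poster wanted to avoid.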