Early Retirement & Financial Independence Community - View Single Post

laurence · 03-04-2006, 12:48 PM

We are required to use commercial version, so I can't compare for you.

Well, you can limit what tasks a user account can execute with sudo, just add the accounts to the sudoers file and then they don't have to "know" the root password. Sudo is pretty granular, it doesn't have to be all or nothing on the priveleges (for example, my account at work will let me sudo, but I can't VI the password file, or even ls the shadow file). So the root password can me 28 characters and use all those hard password rules, then you can have a "emailadmn" account that can accomplish only certian tasks...well, I'm sure you know better than I.

03-04-2006, 12:48 PM	#12
laurence Moderator Emeritus Join Date: Feb 2005 Location: San Diego Posts: 4,958	We are required to use commercial version, so I can't compare for you. Well, you can limit what tasks a user account can execute with sudo, just add the accounts to the sudoers file and then they don't have to "know" the root password. Sudo is pretty granular, it doesn't have to be all or nothing on the priveleges (for example, my account at work will let me sudo, but I can't VI the password file, or even ls the shadow file). So the root password can me 28 characters and use all those hard password rules, then you can have a "emailadmn" account that can accomplish only certian tasks...well, I'm sure you know better than I.