comp.os.linux.networking
back to index
From: Simon Tatham
Date: Monday, April 07, 2008 1:20 PM
Subject: Re: How to PREVENT a user from logging in through SSH
Ignoramus10392
> I do need from time to time to perform root tasks from scripts, for
> example restarting named after DNS zone files update.
http://www.chiark.greenend.org.uk/~ian/userv/ might be useful to
you.
It's roughly equivalent to setting up a setuid program permitting a
specified set of users to request a specific service of root (or
someone else), except that it's generally more secure than setuid
programs since it goes through a daemon to avoid passing through
arbitrary malicious process context.
Restarting named is just the sort of thing it'd be ideal for. In
fact I use it for that myself.
--
Simon Tatham "Every person has a thinking part that wonders what
