I am working on a project to allow a normal system user access to a very limited subset of programs and scripts. The idea is to allow the user to perform certain maintenance and troubleshooting without actually being able to change anything, such as config file, logs etc. I am convinced that sudo is the way to go, but I need more info (ammo) to convince my boss that simply changing the permissions of the subset of files is a bad idea.
Any help would be greatly appreciated. Tony
