Matthew Melvin wrote:
>
> On Mon, 26 Feb 2001 at 5:30am (-0500), Jerry Human wrote:
> > So my question today is two fold: (a) where can I finally learn how to
> > handle permissions in different contexts, and (b) how can I set up rdate
> > to set the system time when run as user?
<snip>
> I think the point I was tring to make is - it's complicated. There are
> countless ways to skin this cat, and the only way to learn then is read, and
> try and read and try and read and try and read and try. *sigh* I hope some
> of that made sence and didn't just frustate you more...
I sure learned a lot. I too shall be saving this one, it summed up some
stuff that I was sort of aware of, but never really put into practice
myself. Red Hat really does do some slick tricks with their distro.
Furthering the "more than one way to do it" line, there's also the
"sudo" command (sudo is an abbreviation for "SuperUser DO"). Some would
say that it's overkill for a one-user machine, and one of its functions
is to leave an audit trail on machines where several users have access
to root privileges. But I like it on single-user boxes as well, and it
can augment the process that Matthew described above. It's also nice in
that it doesn't rely on any of the neato Red Hat extensions or even
Linux, you can use it on any flavor of Unix that you happen to come
across. And for simple cases it's really easy to set up, so why not? ;)
sudo comes with Red Hat 7 (not sure about earlier versions) but I don't
think that it's installed by default. In any case you can get it
pre-packaged from rpmfind.net if you don't already have a copy.
By editing the /etc/sudoers file, you can grant certain users or groups
permission to run certain commands that would normally have to be run by
root. Details are in the sudo docs. You can write a sudoers file which
is just about as detailed and complicated as you want, but for a
single-user machine something like this might be okay:
username ALL=(ALL) ALL
(where "username" is replaced by your username)
With this in place, you could type
$ sudo rdate -s time.nist.gov
You would then be prompted for your password (not root's -- this
confused me at first), and "rdate" would be run as if by root.
An upside to this approach is that you don't have to set up commands in
advance as described by Matthew. That's also a disadvantage -- in a
moment of thoughtlessness it's easy to screw up your machine. Use the
approach that works best for you.
Finally a word on philosophy: Don't forget who's in charge here. When
"The Documentation" says that "CommandX is a restricted,
system-administration command," don't forget who owns the machine. You
Are Root. This is your house, so to speak. Of course it's a terrible
idea to log in as root too often, because sooner or later you will make
a mistake and cause yourself grief. Segmentation of user permissions is
there for your benefit. But if you're the only one with the root
password, you're going to have to use it sometimes. It can be a bit
confusing at first to realize what is a restricted command and what
isn't, but in my opinion this should just serve as a signpost to tell
you that the command should be taken seriously, not that you shouldn't
run it at all. (setting the date might seem trivial for a single-user
machine, but so many things rely on the system time that setting the
clock is best done judiciously.)
--
Michael Jinks, IB // Technical Entity // Saecos Corporation
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
