D_AGC%vaxa.nerc-keyworth.ac.uk@nss.cs.ucl.ac.uk (11/24/88)
(This request for help has already been sent to Unix-Wizards. My apologies if you're seeing it for the second time.)

I'm looking for one or more utilities which could be used to provide a limited and well controlled system administration environment for a generic unix system. The intention is that these could be used by a designated user (or users) to create (maybe delete) user accounts, initiate file-sys saves and restores, and other system admin type stuff without requiring that anyone log on as superuser because (where necessary) the software would setuid superuser.

The sys admin environment would be used by a trusted user of the system who would need to be both protected from the system and from whom the system would need to be protected. It would not have to be all embracing, merely to cover the more common requirements, such as those just mentioned, as anything more demanding would be done by a member of the computer services staff.

Can anybody point me to a source of such a collection of software? Public domain source is acceptable, as it would be nice to have the same environment on a number of different vendors' systems, but commercial packages are also of interest.

Many thanks to those who respond.

Alan Cox, Natural Environment Research Council, UK

P.S. As I don't subscribe to Info-Unix please direct replies to my mailbox, rather than to the list.

d_agc@uk.ac.nkw.va JANET
d_agc@va.nkw.ac.uk rest of the world, or
d_agc%va.nkw.ac.uk@nss.cs.ucl.ac.uk ARPA
d_agc%uk.ac.nkw.va@ukacrl EARN/BITNET/NETNORTH
star::"d_agc%va.nkw.ac.uk@nss.cs.ucl.ac.uk" SPAN
dg@lakart.UUCP (David Goodenough) (11/25/88)
From article <17633@adm.BRL.MIL>, by D_AGC%vaxa.nerc-keyworth.ac.uk@nss.cs.ucl.ac.uk:
] I'm looking for one or more utilities which could be used to provide a
] limited  and  well  controlled system administration environment for a
] generic unix system. The intention is that these could be  used  by  a
] designated  user  (or  users)  to create (maybe delete) user accounts,
] initiate file-sys saves and restores,  and  other  system  admin  type
] stuff without requiring that anyone log on as superuser because (where
] necessary) the software would setuid superuser.
]  
] The  sys  admin  environment  would  be  used by a trusted user of the
] system who would need to be both protected from the  system  and  from
] whom  the  system  would need to be protected. It would not have to be
] all embracing, merely to cover the more common requirements,  such  as
] those  just  mentioned,  as anything more demanding would be done by a
] member of the computer services staff.
I don't know if it will be posted, but I submitted a program "secure"
to comp.sources.unix. This could very easily be changed to do what is
wanted here: simply have it check if the real user id of its invoker
is on some form of trusted list. Then by changing the things in the
list of secure programs, you'd be all set. If secure does get approved,
people might want to comment on the viability of doing this.
-- 
	dg@lakart.UUCP - David Goodenough		+---+
							| +-+-+
	....... !harvard!xait!lakart!dg			+-+-+ |
AKA:	dg%lakart.uucp@harvard.harvard.edu	  	  +---+
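
The check suggested in the reply above (real user id against a trusted list, then a fixed list of permitted programs), as an added example that is not part of the original thread and is not the "secure" program itself. The uid values, command names and paths are hypothetical placeholders, and the wrapper is assumed to be installed setuid root.

```c
/* Added example: trusted-operator gate for a setuid-root wrapper.
 * The uid list and command table are constructed placeholders. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

static const uid_t trusted_uids[] = { 1001, 1005 };   /* hypothetical operators */

struct cmd { const char *name; const char *path; };
static const struct cmd allowed[] = {                 /* hypothetical admin tools */
    { "adduser", "/usr/local/adm/adduser" },
    { "backup",  "/usr/local/adm/backup"  },
    { "restore", "/usr/local/adm/restore" },
};

/* Return the fixed absolute path for `name` if the REAL uid is trusted
 * and `name` exactly matches a table entry; otherwise NULL. */
const char *authorize(uid_t ruid, const char *name)
{
    size_t i;
    int ok = 0;
    for (i = 0; i < sizeof trusted_uids / sizeof trusted_uids[0]; i++)
        if (trusted_uids[i] == ruid)
            ok = 1;
    if (!ok || name == NULL)
        return NULL;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(allowed[i].name, name) == 0)
            return allowed[i].path;   /* the invoker never supplies a path */
    return NULL;
}

int main(int argc, char **argv)
{
    /* Fixed environment: nothing is inherited from the invoker. */
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };
    /* getuid() is the real uid; geteuid() would be 0 in a setuid-root binary. */
    const char *path = authorize(getuid(), argc > 1 ? argv[1] : NULL);

    if (path == NULL) {
        fprintf(stderr, "not permitted\n");
        return 1;
    }
    argv[1] = (char *)path;           /* becomes argv[0] of the tool */
    execve(path, argv + 1, clean_env);
    perror(path);                     /* reached only if execve failed */
    return 1;
}
```

Remaining arguments are passed through unchanged, so each tool in the table still has to validate its own arguments; the wrapper only decides who may run which program.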