Subject: Re: Using netgroups in /etc/group
To: Luke Mewburn <lukem@NetBSD.org>
From: Lord Clark Frazier Hale I <xlark@sdf.lonestar.org>
List: netbsd-help
Date: 12/11/2004 20:06:48
On Sat, Dec 11, 2004 at 01:23:09PM +1100, Luke Mewburn wrote:
> Not really.
>
> The '+/- compat syntax' is triggered off the first character of the
> line, not on each member group. There would be large increases in
> complexity in libc/getgrent.c for supporting the latter.
>
That's enlightening. I've never seen that in any of the assorted
documentation around the web (or I just missed it, which is entirely
possible).
> I'm tempted to answer "not really" here too.
> You _could_ use
> +wheel:*::
> wheel:*:0:root
> and set wheel to the full admins entry in wherever you get
> passwd_compat from (nis, dns, ...), but I'm not comfortable
> recommending that as good sysadmin practice.
>
> You could use replacements for su(1) that do not use "wheel" as
> the access control mechanism (e.g., priv, sudo)
That works for me, though I'm not sure if I'll use it. The more I think
about it, the more it seems like a bad idea for wheel. I think I'll do
some research on alternatives, like those you listed.
Thanks very much,
Clark
--
Sir Clark Frazier Hale I
xlark@sdf.lonestar.org
For the Snark WAS a bojum, you see.
SDF Public Access UNIX System - http://sdf.lonestar.org
Clayton SuperComputing Centre - http://cscc.homeunix.net
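
The rule quoted in the message above (compat syntax is recognised from the first character of the line, not per member), as an added example that is not part of the original message or of NetBSD's libc: a small audit that flags compat lines, the `+wheel` override from the thread, and member tokens such as `+@admins`. The sample file, the name `audit_group`, the finding labels, and the treatment of such tokens as literal member names are assumptions made for illustration.

```python
# Added example: audit a group(5)-format file for '+/-' compat usage.
# SAMPLE_GROUP is constructed for illustration, not taken from a real host.
SAMPLE_GROUP = """\
+wheel:*::
wheel:*:0:root
staff:*:20:alice,+@admins
operator:*:5:root
"""


def audit_group(text):
    """Return (lineno, kind, detail) findings for a group(5)-format string."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if line[0] in "+-":
            # Per the thread, compat handling is keyed on the first
            # character of the line, so the whole line is a compat entry.
            name = fields[0][1:]
            # A compat entry naming wheel pulls su(1) access control from
            # the remote source; the thread advises against relying on it.
            kind = "wheel-compat" if name == "wheel" else "compat-line"
            findings.append((lineno, kind, fields[0]))
            continue
        members = fields[3].split(",") if len(fields) > 3 and fields[3] else []
        for member in members:
            member = member.strip()
            if member and member[0] in "+-@":
                # Not at the start of the line, so it is not compat syntax.
                # Assumption: it ends up as a literal member name, which
                # grants nothing and is probably a configuration mistake.
                findings.append((lineno, "literal-member",
                                 f"{fields[0]}:{member}"))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit_group(SAMPLE_GROUP):
        print(f"line {lineno}: {kind}: {detail}")
```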