Quote:
Originally Posted by TerryP
If doing that, I would use a custom program that restricts what things they can do -- for example blocking them from setting their own user and group ID numbers, allowing them to set their group(s) or restrained to only a few 'safe' groups you choose. The script can always wrap around the pw utility.
Ok, so I am paranoid as much as I am lazy...
|
Yea, I was going to take adduser and modify it for exactly these purposes. I'm going to limit available UID's to 10000+ (for my own tracking purposes) and allow GID of 9999 only (which will be set to "users"). This is the setup for me
Oh - and as far as being paranoid and lazy... both are great qualities of system admins