sudoer scheme for another web developer that retains my future control of a virtual server?
Posted
by Tchalvak
on Server Fault
See other posts from Server Fault
or by Tchalvak
Published on 2010-03-16T17:04:47Z
Indexed on
2010/03/16
18:41 UTC
Read the original article
Hit count: 382
Background: Virtual Private Server
I have a virtual private server that I'm looking to host multiple websites on, and provide access to another web developer. I don't care about putting too many constraints on him, though I wouldn't mind isolating the site that he'll be developing from other sites on the server that I will develop.
The problem: retain control
Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example.
I need him not to be able to:
- take away other admin permissions
- change the root password
- have control over other security/administrative functions
I would like him to still be able to:
- install software (through apt-get)
- restart apache
- access mysql
- configure mysql/apache
- reboot
- edit web development configuration type files in
/etc/
Other Standard Setups would be happily considered
I've never really set up a good sudoers file, so simple example setups would be very useful, even if they're only somewhat similar to the settings that I'm hoping for above.
Edit: I have not yet finalized permissions, standard, useful sudo setups are certainly an option, the lists above are more what I'm hoping I can do, I don't know that that setup can be done.
© Server Fault or respective owner