sudoer scheme for another web developer that retains my future control of a virtual server?

Posted by Tchalvak on Server Fault See other posts from Server Fault or by Tchalvak
Published on 2010-03-16T17:04:47Z Indexed on 2010/03/16 18:41 UTC
Read the original article Hit count: 382

Filed under:
|
|
|

Background: Virtual Private Server

I have a virtual private server that I'm looking to host multiple websites on, and provide access to another web developer. I don't care about putting too many constraints on him, though I wouldn't mind isolating the site that he'll be developing from other sites on the server that I will develop.

The problem: retain control

Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example.

I need him not to be able to:

  • take away other admin permissions
  • change the root password
  • have control over other security/administrative functions

I would like him to still be able to:

  • install software (through apt-get)
  • restart apache
  • access mysql
  • configure mysql/apache
  • reboot
  • edit web development configuration type files in /etc/

Other Standard Setups would be happily considered

I've never really set up a good sudoers file, so simple example setups would be very useful, even if they're only somewhat similar to the settings that I'm hoping for above.

Edit: I have not yet finalized permissions, standard, useful sudo setups are certainly an option, the lists above are more what I'm hoping I can do, I don't know that that setup can be done.

© Server Fault or respective owner

Related posts about sudoers

Related posts about webserver