[Techtalk] Sound card gone missing - OSS/ALSA woes
TraceyC
grrliegeek at elenari.net
Sun Mar 18 16:10:20 UTC 2012
On 03/16/2012 04:51 PM, Akkana Peck wrote:
>> TraceyC wrote:
>>> As a sysadmin, I'd restrict
>>> him to a wheel account without the ability to break things that
>>> only root can break. A wheel account has the flexibility to add
>>> more ability to change things as he learns while keeping him to the
>>> agreement to not futz with things he shouldn't.
> Little Girl writes:
>> A wheel account sounds good, and then letting him out of it from time
>> to time with the full awareness that he might end the world would be
>> good, too.
> What do you two mean by "wheel account"? I've seen "wheel" used for
> a group that has sysadmin/sudo privileges -- and I just googled it
> and Wikipedia seems to use it that way too. But you seem to mean an
> account that *doesn't* have sudo privileges.
I did actually mean an account that has sudo privileges. With the wheel
group and visudo you can restrict the types of commands that a
particular user / group can run. That way, the learner can do things
like probe hardware and read logs which won't cause breakage, but not
install things which might cause breakage.
As background, I support web hosting automation software. Some of the
customers I work with are reluctant to provide root access to their
servers when we need to troubleshoot. I've seen that sometimes it's
useful to see configuration / log files on a test server to compare to
the live environment. Sometimes being able to see logs & config files,
while making no changes, is necessary. There's a lot to be learned
without actually compiling or installing anything :)
The default example in the sudoers file (visudo) for the wheel group
allows the users in the group to run all commands, but it can be set to
a specific sub-set of commands. Combining this with the other idea you
and others have mentioned of providing a system (virtual or not) where
he has full root access & freedom to break whatever he wants is, I
think, the best solution. That way he can explore without damage on the
shared box and do whatever he wants on the non-shared test box.
Tracey C
More information about the Techtalk
mailing list