Jeffrey Krueger wrote:
You can use "useradmin" to create multiple administrative accounts, but unfortunately they are all root equivalents. It would be really handy if parts of the OS were ACL'd off so that each administrative account could have custom defined access to the OS. This would allow some users to be able to create CIFS shares and modify quotas, but not bounce the machine. *HINT* to dl-toasters@netapp.com *HINT* =)
Just wanted to say "hear hear" on that last comment. I understand that part of the "appliance" model is to get away from things like user accounts but having all users be root isn't an (in my opinion) usable setup.
I'm using netsaint to monitor our network and would love to rsh off commands like quota so that I can have netsaint monitor quota levels. Unfortunately, to do this means creating a second root level account (the user we use for netsaint) and setting it up for password-less rsh. If the netsaint user is ever compromised, our filers are now at risk. Blech!