I've messed around a little bit with sudo here's what I think...
Quote:
1.) How would I give someone the ability to do everything except one privilege (ex: they can do everything EXCEPT create new users)?
|
If they can do everything else they can modify the sudoers file to add users. I would recommend restricting commands to only what is needed. In the manual it says you can use a ! to indicate they can't use that command but if you give them everything else it isn't hard to go around it.
Quote:
2.) How would I log all the commands they've executed?
|
Most my experience is on solaris and sudo commands are logged by default. There are options available to modify how they are logged though
Check out
http://www.courtesan.com/sudo/man/sudoers.html for full syntax
Quote:
3.) How would I make their privileges expire on a certain date?
|
I don't know of anything that would expire privilages, if it were me I would put in on my calendar and do it manually.