Originally Posted by hmutual2
Ok, that's what I thought. And regarding capabilities, can it be set up that a user can only do certain task as a su or sudo user?
Drop this VNC nonsense. I manage a few thousand servers from my one lil UNIX system.
Your "Linux Administrator" needs to run VNC as root like a surgeon needs a Machete for a scalpel.
Giving him apropriate sudo access means you either;
micro-manage every single command
he will need to use (this will get very old, trust me), or
give him "%wheel ALL=(ALL)", which means he could just "sudo su - " then "passwd root" and lock you out of your system.
No he doesn't need a VNC session that's launched with root permissions. That's "Windows Administrator Thinking
" that is going to either cost him his job, or you a lot of time (or dataloss).
He should launch a VNC session under his own
open an Xterm and "su -" as needed.
If he's your "Linux Administrator", you're going to have to trust him to some degree (though abuse of root access is a huge red flag for me).
Does this guy have an RHCE by chance? (I've been seeing a lot of "RHCE == MCSE" type of behavior recently....I'm wondering if there's reason to worry).