Below is my suders file. The goal is to let users in group admin do basic startup and shutdown stuff and manage passwords of users (but not root). Does this look like a secure setup? # User alias specification User_Alias ADMIN = %admin # Cmnd alias specification Cmnd_Alias SHUTDOWN = /sbin/shutdown Cmnd_Alias HALT = /sbin/halt Cmnd_Alias REBOOT = /sbin/reboot Cmnd_Alias RESTART = /etc/rc.d/init.d/httpd restart, /etc/rc.d/init.d/junkbuster restart, /etc/rc.d/init.d/smb restart Cmnd_Alias PASSWORD = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root, !/usr/bin/passwd admin, !/usr/bin/passwd [users with admin access] Cmnd_Alias USERCONTROL = /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod # User privilege specification root ALL=(ALL) ALL ADMIN ALL = NOPASSWD: SHUTDOWN, HALT, REBOOT, RESTART ADMIN ALL = PASSWORD, USERCONTROL --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org