|
|
Base the decision of whether to use filepriv or tfadmin on considerations of security above all else.
For example, the filepriv command assigns fixed privileges to command files. Thereafter, the fixed privileges become a file attribute, and the file will always run with privilege for those users who can access the command file. You may want to assign fixed privileges to commands when you are more concerned that users are accessing a version of a command that you can verify is secure, than with the identities of the people using the command.
On the other hand, tfadmin associates privileged commands with a known set of users that you define in the TFM database. Users not in the TFM database cannot execute these commands with privilege. Commands that can have a wide-ranging or destructive effect on the system can be restricted to a group of people you know and trust.