LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-27-2010, 05:06 PM   #1
gavbam
LQ Newbie
 
Registered: Apr 2010
Posts: 4

Rep: Reputation: 0
Elevating a user to have higher privllages in bash


Hi guys I am running Fedora and I am trying to learn so much about this new jump over to Linux.
(All must be done in bash so I can learn the long way round first)
My problem lies where I have a user who needs to do certain tasks with the same privallges as root.
Would it be best to create a group then add both user and root to that group so they both have admin like privs?
Sorry guys but I am new to this and trying to do and search as much as i can but it looks like I am chasing my tail. thanks in advance.

Gavbam
 
Old 04-27-2010, 05:09 PM   #2
zordrak
Member
 
Registered: Feb 2008
Distribution: Slackware
Posts: 595

Rep: Reputation: 115Reputation: 115
Google: sudo
 
Old 04-27-2010, 06:29 PM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,785

Rep: Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159Reputation: 4159
Quote:
Originally Posted by gavbam View Post
Hi guys I am running Fedora and I am trying to learn so much about this new jump over to Linux.
(All must be done in bash so I can learn the long way round first)
My problem lies where I have a user who needs to do certain tasks with the same privallges as root.
Would it be best to create a group then add both user and root to that group so they both have admin like privs?
Sorry guys but I am new to this and trying to do and search as much as i can but it looks like I am chasing my tail. thanks in advance.

Gavbam
If you're the admin, be very, VERY careful who you give root (or root privileges) to. They *SAY* they 'need' it, but verify. If they only need to do one thing, use SUDO to ONLY give them that one thing.

Just like adminning a Windows box...you don't pass out admin privs to everyone, and you shouldn't in Linux either. If they don't need it, don't give it. SUDO is a great tool...you can log when commands are run, and only give root-level access to certain commands, to certain people. If you give someone root shell....you'd better be 100% sure you can trust them, AND that they'll own up to mistakes. If the box gets toasted...YOU are the one responsible. They can always say, "yep, I was logged in, and the box just died...". Logs will say that ROOT did command XXXX, and they'll be at your doorstep, wanting to know why, and holding you responsible. That's why it's better to limit what the users can do.

Yes, they'll complain about it, and whine that it's making their jobs harder, etc., etc....but all you have to say to your boss is "Well, they don't need it, and I'm keeping the box secure and running". If the boss insists, get it IN WRITING, and get your boss to sign off on it, and the user too, saying that they know what they're doing, and that the user (not you) is responsible for any damages done due to carelessness. You'll be surprised how often the user will suddenly say "Gee, maybe I can live with 'regular' rights....", when they have to be responsible. And make sure you've got logs going to multiple locations, so they can't be edited/changed to erase things.

Sorry if I sound bitter and cynical, but I've been doing this for a long time, and have been at the receiving end of something like this. Once you cover yourself, you won't have worries. And if the user IS responsible and professional, they'll recognize what you're doing, and appreciate it.
 
Old 04-27-2010, 06:37 PM   #4
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
The way to give users incrementally more privileges is to add them to the appropriate groups. (I guess sudo can accomplish the same thing.)

What kind of environment are you in where someone can walk up and say they need root privileges?

Who is responsible for the integrity of the machine in question? (If the answer to this one is ambiguous, then you have a real problem.)
 
Old 04-28-2010, 02:27 AM   #5
gavbam
LQ Newbie
 
Registered: Apr 2010
Posts: 4

Original Poster
Rep: Reputation: 0
thank you for all your help.
It's nice to know that there is a wealth of knowledge out there to help us noobs out.

The reason I want to elevate a privllage is so if the general manger is not in the temp duty manager can still utilise some of his programs to do time sheets and other admin related work.

I will look at sudo and go from there.

Thanks guys I hope I learn lots on here already customed to the search tab

G
 
Old 04-28-2010, 04:06 AM   #6
zordrak
Member
 
Registered: Feb 2008
Distribution: Slackware
Posts: 595

Rep: Reputation: 115Reputation: 115
Wait wait wait wait..

They do NOT need sudo at all for that.. All they need is file permissions to read/run the programs in question.
 
Old 04-28-2010, 07:01 AM   #7
pixellany
LQ Veteran
 
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Arch/XFCE
Posts: 17,802

Rep: Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738Reputation: 738
Quote:
Originally Posted by zordrak View Post
Wait wait wait wait..

They do NOT need sudo at all for that.. All they need is file permissions to read/run the programs in question.
Or just to be added to the appropriate group....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
normal user unable to use ping command after changing the security level to higher sleepyz Linux - Security 1 08-06-2008 10:24 PM
super user privileges check for a normal user in bash script freeindy Programming 2 08-01-2008 06:08 AM
User input into Bash scripts and checking validity of user input?? helptonewbie Programming 8 07-07-2008 06:40 PM
LXer: Open Source professionals higher skills, higher paid: survey LXer Syndicated Linux News 0 03-11-2008 04:41 PM
higher access level for a user? herc Linux - General 2 12-29-2003 10:50 AM


All times are GMT -5. The time now is 02:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration