is it possible to deny root2 to change password of original root
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
No. You're off the map with root2.
A better option would be to userdel root2 and if you need a second 'root' make him a type of superuser. If, for instance, you had him alone as part of group root, you could adjust group permissions for things root owns so that the superuser can use them. Look at Kevux for a good example of how that is done. E£verything seems to be controlled by group stuff http://kevux.org
and also some of his MySQL databases and tables but I don't want to give him root's access rights.
In case you weren't aware, MySQL users don't have anything to do with the system users. It is easy to give him a MySQL user that is completely restricted to the database he is using.
but user test still able to run /sbin/route
what I missed?
Can user test still run route after a fresh login? Are you editing using visudo? That will give you clues if syntax is wrong.
Also, I would suggest using sudo to allow access to specific commands rather than deny them access. For example, since you haven't denied access to visudo, it is possible that test could use it to edit the sudoers file and give themselves access to the NETWORK commands.
OK, this is down to something trivial. I put your configuration into my sudoers file and it works, so there are no glaring errors. Maybe something in the spacing or a typo you missed? Here is what mine looks like:
thanks, but how to only allow user to look into some folders only?
You're going to have to explain what you're after a bit more fully. Folder access is usually handled by permissions, so a user only has access to folders they have permission to see. If you want to restrict users to specific folders you have to make sure that they are part of a group that can't see folders you don't want them in, and that the restricted folders aren't world readable. By the way, if this is related to the sudo part of the question, this is also an excellent example of why you want to grant access to specific commands rather than denying access to some. A user with the kind of sudo restrictions discussed in this thread could easily get around any folder permission restrictions.
If you'll post some details about what you want, I'm sure we'll come up with a more specific answer.