Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Thanks , but I'm not sure if adding users to sudoers would do.
I have a web site which users can access to create accounts for themselves. For this I use a script which calls the useradd command. But the script prompts for the password, unless run as root.
In this case, the user who tries to create an account for (her)himself cannot be root. I posted this question in this very forum, and somebody suggested that I use setuid. But that didn't work too.
Hence I thought using ssh would be a good option. Any thought?
Please helpppppp. Any other approach to solving this would do. The requirement is as follows.
I have a script to add users ( which uses the useradd command). When a non-root user runs it, it fails because non-root users cannot run useradd. I don't want to use su in the script because that would prompt for the root password. Please give me a way out.
If you allow users to log-in as root, then they have full root powers right from the start. SSH2 will protect a user from snooping, but won't protect you from a malicious user. Also, the first time SSH2 is used, there is the potential of a man-in-the-middle attack, since their public key is not known.
A suid script should work. However, it needs to be bullet-proof, because if a user can crash the script, they would be in a shell with full root rights and could do anything.
You may want to have them supply the user name and password information on the web page, and have an independent service check for the saved information somewhere, and use it to create new accounts.
As an after-thought, the reason a suid script wouldn't run could be that the apache server is running in a chroot jail with a restricted shell, or in a partition mounted with the nosuid option. This would actually be a good thing.
ssudhl's was thinking of having guests automatically log in a root.
Even if only one person has the root password, It is best for that person to log in under their own account and su to root if need be. If nothing else, the su is logged, and if a system change is made, you can find out who to ask about it.