Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

01-31-2004, 05:06 AM
#1
Member
Registered: Aug 2003
Location: Europe
Distribution: Slackware (current)
Posts: 228
2nd root (for adding client machines to Samba PDC)?
Hi,
Is there any way to give limited root access to another administrator? This administrator only takes care of Windows client machines and he needs root access for adding a machine to the domain (Samba acting as PDC) when the client PC is reinstalled (quite often).
Thanks for your time.

02-01-2004, 04:14 AM
#2
Member
Registered: Jul 2003
Location: Florence, Ky
Distribution: CentOS 3.3-4, OpenBSD 3.3, Fedora Core 4, Ubuntu, Novell Open Enterprise Server
Posts: 213
The answer to your problem is a simple program named sudo.
Be sure NOT to give access to interactive editors such as vi that allow shell commands. If you do, what is going to stop him from nulling out the root password or changing his own uid to 0? Use the least privilege approach.
Links:
http://www.onlamp.com/pub/a/bsd/2002...y_Daemons.html

02-01-2004, 07:59 AM
#3
Member
Registered: Aug 2003
Location: Europe
Distribution: Slackware (current)
Posts: 228
Original Poster
Thanks for the answer, but I have no clue how to use sudo with Samba.
Can you give an example of how to set it up?
When you want to add a Windows machine to the domain, the first login to the domain must be done as root (from the client).

02-01-2004, 09:12 AM
#4
Member
Registered: Jul 2003
Location: Florence, Ky
Distribution: CentOS 3.3-4, OpenBSD 3.3, Fedora Core 4, Ubuntu, Novell Open Enterprise Server
Posts: 213
I'm not on a Linux machine right now (I am deployed to Iraq and sitting in a free cyber cafe!), so I can't play around with Samba. I normally use NFS, but here is basically what you need to do.
1.) Document all commands that your PDC admin routinely uses or will at some time use.
2.) Create a group named sambadm and add all of the users you want to be Samba admins to this group.
3.) Create a '/etc/sudoers' file and add all of your permissions to it.
    touch /etc/sudoers
The format for the /etc/sudoers file is very simple:
    username host = command
Here is an example:
    %sambadm PDC = /usr/bin/smbpasswd,/usr/sbin/useradd,\
        /sbin/newfs,/sbin/newfs_msdos,/sbin/mount
Now the user just types 'sudo smbpasswd' or whatever they need to type. It will prompt them for their own password and then will execute. If you use the NOPASSWD option like the one listed in the last link, they won't even need a password. I hope this helps.
Links:
http://www.courtesan.com/sudo/sudo.html sudo homepage
http://www.linuxhomenetworking.com/linux-hn/samba.htm
http://www.linuxhomenetworking.com/linux-hn/sudo.htm
http://lists.debian.org/debian-user/.../msg03647.html
http://www.onlamp.com/lpt/a/2680
http://www.courtesan.com/sudo/sample.sudoers check this out for some ideas
Last edited by enigmasoldier; 02-01-2004 at 09:53 AM.
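
An added example, not code from any poster in this thread: a small Python check that reads sudoers user rules in the format shown in post #4 and flags the risks the thread raises (shell-escape editors, NOPASSWD, commands with unrestricted arguments). The group name sambadm and host PDC follow the thread; /usr/local/sbin/add-machine is a hypothetical wrapper script, and the program lists are constructed and not exhaustive.

```python
import re

# Programs that can spawn a shell from inside (constructed, non-exhaustive list).
SHELL_ESCAPE = {"vi", "vim", "view", "ed", "emacs", "less", "more", "man"}
SHELLS = {"sh", "bash", "csh", "ksh", "zsh", "su"}

# Constructed sample; %sambadm and host PDC follow the thread.
SAMPLE = r"""
# Rule from post #4
%sambadm PDC = /usr/bin/smbpasswd,/usr/sbin/useradd,\
    /sbin/newfs,/sbin/newfs_msdos,/sbin/mount
# What post #2 warns against
%sambadm PDC = NOPASSWD: /usr/bin/vi
# Hypothetical wrapper script; "" means no arguments are permitted
%sambadm PDC = /usr/local/sbin/add-machine ""
"""

def join_continuations(text):
    """Merge backslash-continued lines; drop comments and blank lines."""
    merged = re.sub(r"\\[ \t]*\n\s*", "", text)
    lines = (l.strip() for l in merged.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def audit_rule(line):
    """Return (who, findings) for one 'who host = cmd, cmd' user rule.
    Simplified: aliases, Defaults and escaped commas are not handled."""
    m = re.match(r"(\S+)\s+(\S+)\s*=\s*(.+)$", line)
    if not m or m.group(1).endswith("_Alias") or line.startswith("Defaults"):
        return None, []
    who, _host, spec = m.groups()
    findings = []
    if "NOPASSWD:" in spec:
        findings.append("NOPASSWD: runs as root without re-authentication")
    spec = re.sub(r"\([^)]*\)\s*", "", spec)   # drop Runas spec, e.g. (root)
    spec = re.sub(r"\b[A-Z]+:\s*", "", spec)   # drop tags, e.g. NOPASSWD:
    for cmd in (c.strip() for c in spec.split(",")):
        path, _, args = cmd.partition(" ")
        name = path.rsplit("/", 1)[-1]
        if path == "ALL" or name in SHELLS:
            findings.append(f"{path}: equivalent to full root")
        elif name in SHELL_ESCAPE:
            findings.append(f"{path}: interactive program with shell escape")
        elif not args:
            findings.append(f"{path}: any arguments allowed")
    return who, findings

if __name__ == "__main__":
    for rule in join_continuations(SAMPLE):
        print(audit_rule(rule))
```

In sudoers, a command listed without arguments may be run with any arguments, which is why every entry in the post #4 rule is reported; pinning the arguments (or `""` for none) narrows the grant.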

02-01-2004, 09:26 AM
#5
Member
Registered: Aug 2003
Location: Europe
Distribution: Slackware (current)
Posts: 228
Original Poster
OK, thanks, I'll give it a try when I get back to the office.