LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-09-2004, 06:49 PM   #1
jon_k
Member
 
Registered: Jul 2003
Location: Fort Worth, Texas
Distribution: Mepis Linux 2004
Posts: 547

Rep: Reputation: 30
Allowing a normal nonroot user to create accounts?


I am tech support and head admin for a hosting provider....

I've written a bash cript to install a server by basically copying a template install to the directory of my choice. Say, pserver -user jo would install to /home/jo

Unfortunately, the owner of the server does NOT want to give me root level access and so I'd need to be able to do this under a non root account.

So what I'm asking is would it be possible to:

* Allow a non root user to execute /usr/sbin/adduser
* Allow a non root user to be able to copy the template files to the above newly created users home directory (e.g. user jon , a non root user, copying /home/jon/template/ to /home/newuser/)


Is this possible at all in any way that could accomplish the same end result?

Will someone give some feedback on this weather it's possible or not to get a result like this?


I considered writing a webserver that could run under ROOT but that'd be a gaping hole if someone figured out an exploit to the apache server or whatnot.

Is there any alternative to accomplish a system like this without him giving me root access?

Any response will be greatly appriciated,

thanks,
jon
 
Old 07-09-2004, 09:16 PM   #2
th3_d0c
Member
 
Registered: Nov 2003
Location: New Hampshire
Distribution: Slack 9.2
Posts: 39

Rep: Reputation: 15
Yes it is entirely possible. Your admin will have to add you to the "sudoers" file under "/etc" file. That file is setup so you can give certain users certain privledges without having to 'su' or be a root.
>>A listing in the file itself
Quote:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
**I am also running Slack 9.1 if that makes a difference.
 
Old 07-10-2004, 01:05 AM   #3
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 47
Quote:
Unfortunately, the owner of the server does NOT want to give me root level access and so I'd need to be able to do this under a non root account.

So what I'm asking is would it be possible to:

* Allow a non root user to execute /usr/sbin/adduser
* Allow a non root user to be able to copy the template files to the above newly created users home directory (e.g. user jon , a non root user, copying /home/jon/template/ to /home/newuser/)


Is this possible at all in any way that could accomplish the same end result?
D'OH, only $ROOT can add new users!!
Any thing one does to work around this IS A SECURITY RISK!!!
 
Old 07-10-2004, 02:17 AM   #4
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Milwaukee, WI
Distribution: Mint
Posts: 6,642

Rep: Reputation: 69
My recommendation would be forward each and every adduser request to the guy who owns the server and ask him to do it because you don't have the necessary tools/privs. Be sure to also CC the person who requested the new ID, so he/she knows the ball is in that guy's court and that you're not the bottleneck.

Seriously, as an outside observer, it seems to me that the situation you've described is that an employee (meaning you) has been given the responsibility to perform a certain task, but that the employee's managers are refusing to give him the tools he would need to do the job. That's an un-winnable situation, and the only 2 outcomes to resolve it are to either reassign the task to someone who does have the tools (the other guy), or to provide you with the necessary tools (meaning giving you root). If the latter option is not a possibility, per your post, then that leaves only the former.

In any event, I totally agree with 320mb; personally I would consider adding new user accounts to be the responsibility of root, and any steps taken to defeat these built in security measures would be ill-advised IMO. -- J.W.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to create user root accounts - SuSE 92 jdaniel Linux - Software 3 07-29-2005 11:35 AM
how to give a nonroot user write access Kilahchris Linux - Newbie 8 05-11-2005 02:10 AM
Create Limited User Accounts epihammer Mandriva 3 05-18-2004 02:52 PM
ALSA prob: works fine as root but only partially as nonroot user. Choey Slackware 2 11-01-2003 02:17 PM
Create many user accounts kelper Linux - Software 7 09-06-2003 06:03 AM


All times are GMT -5. The time now is 03:41 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration