Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Could you explain what you mean by ftp server rights. Ftp should be a service running as a system user.
You also shouldn't be logging in as root. So the first part of your statement sounds bad as well.
By convention, usernames should be all lowercase. Some programs and services don't behave properly if they aren't.
You could have an entry to allow user 'mike' or a group mike belongs to to use rvim or rgvim to edit the config file for the service. Be sure to include the full pathname to the command. These two commands don't allow running a shell or suspending the editor to the background. This is to prevent the user from running a root shell.
See the comments in /etc/sudoers. It includes an example allowing users to mount a cdrom disc. Also, use visudo to edit the sudoers file.
what I mean is I'd like mike to only be able to use ftp server when using sudo. I just want to give him selective privilege.
For example to give Mike full right i'd do:
As per jschiwal, what you're asking doesn't make sense.
The ftp server runs as its own user, you don't give 'server rights' to anyone (else), it doesn't make sense.
If you want him to be able to use ftp ie send/get files, that's being a client user and has nothing to do with the server end.
You just type ftp at the cmd line and follow the prompts.
If you mean you only want him to be able to send/get files if he goes via sudo, that's unusual, in fact unique. All the security is handled by the server anyway, you shouldn't need to do that.
If this user is a local user and you only want that user to be able to log into the machine remotely using ftp, then check the documentationn for the ftp server you are using. vsftp has a file that contains a list of users who cannot log in. You could add the other users to this list.
A user running ftp as root doesn't make sense and I'm getting a bit tired of questions dealing with doling out root privileges like candy, usually because of laziness in having to type in a password. That's the reason that Windows is so insecure. Always follow the principle of least priviledges. I hope we don't get a bunch of Vista users simply because they don't like entering in the administrators password to install software, and end up with a lot of insecure Linux machines on the net.
Make one script that include cmds that you need to grant userX. Write script in way that userX get choice to run cmd he/she would like to run. Put script in /some/where/safe/ where only root has access perms. Turn script's SGID bit on and remove exec perms for others (and group if you wanna) and then add sudo entry like this...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.