LinuxQuestions.org


gavbam 04-27-2010 05:06 PM

Elevating a user to have higher privileges in bash
 
Hi guys I am running Fedora and I am trying to learn so much about this new jump over to Linux.
(All must be done in bash so I can learn the long way round first)
My problem lies where I have a user who needs to do certain tasks with the same privileges as root.
Would it be best to create a group then add both user and root to that group so they both have admin like privs?
Sorry guys but I am new to this and trying to do and search as much as I can but it looks like I am chasing my tail. Thanks in advance.

Gavbam

zordrak 04-27-2010 05:09 PM

Google: sudo

TB0ne 04-27-2010 06:29 PM

Quote:

Originally Posted by gavbam (Post 3949797)
Hi guys I am running Fedora and I am trying to learn so much about this new jump over to Linux.
(All must be done in bash so I can learn the long way round first)
My problem lies where I have a user who needs to do certain tasks with the same privileges as root.
Would it be best to create a group then add both user and root to that group so they both have admin like privs?
Sorry guys but I am new to this and trying to do and search as much as I can but it looks like I am chasing my tail. Thanks in advance.

Gavbam

If you're the admin, be very, VERY careful who you give root (or root privileges) to. They *SAY* they 'need' it, but verify. If they only need to do one thing, use SUDO to ONLY give them that one thing.

Just like adminning a Windows box...you don't pass out admin privs to everyone, and you shouldn't in Linux either. If they don't need it, don't give it. SUDO is a great tool...you can log when commands are run, and only give root-level access to certain commands, to certain people. If you give someone root shell....you'd better be 100% sure you can trust them, AND that they'll own up to mistakes. If the box gets toasted...YOU are the one responsible. They can always say, "yep, I was logged in, and the box just died...". Logs will say that ROOT did command XXXX, and they'll be at your doorstep, wanting to know why, and holding you responsible. That's why it's better to limit what the users can do.

Yes, they'll complain about it, and whine that it's making their jobs harder, etc., etc....but all you have to say to your boss is "Well, they don't need it, and I'm keeping the box secure and running". If the boss insists, get it IN WRITING, and get your boss to sign off on it, and the user too, saying that they know what they're doing, and that the user (not you) is responsible for any damages done due to carelessness. You'll be surprised how often the user will suddenly say "Gee, maybe I can live with 'regular' rights....", when they have to be responsible. And make sure you've got logs going to multiple locations, so they can't be edited/changed to erase things.

Sorry if I sound bitter and cynical, but I've been doing this for a long time, and have been at the receiving end of something like this. Once you cover yourself, you won't have worries. And if the user IS responsible and professional, they'll recognize what you're doing, and appreciate it.

pixellany 04-27-2010 06:37 PM

The way to give users incrementally more privileges is to add them to the appropriate groups. (I guess sudo can accomplish the same thing.)

What kind of environment are you in where someone can walk up and say they need root privileges?

Who is responsible for the integrity of the machine in question? (If the answer to this one is ambiguous, then you have a real problem.)

gavbam 04-28-2010 02:27 AM

Thank you for all your help.
It's nice to know that there is a wealth of knowledge out there to help us noobs out.

The reason I want to elevate a privilege is so if the general manager is not in the temp duty manager can still utilise some of his programs to do time sheets and other admin related work.

I will look at sudo and go from there.

Thanks guys I hope I learn lots on here already accustomed to the search tab

G

zordrak 04-28-2010 04:06 AM

Wait wait wait wait..

They do NOT need sudo at all for that.. All they need is file permissions to read/run the programs in question.

pixellany 04-28-2010 07:01 AM

Quote:

Originally Posted by zordrak (Post 3950293)
Wait wait wait wait..

They do NOT need sudo at all for that.. All they need is file permissions to read/run the programs in question.

Or just to be added to the appropriate group....
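
The group-based route that zordrak and pixellany suggest, sketched as an added example that is not part of any post in this thread. The group name `timesheets`, the user `dutymgr` and the path `/opt/timesheets` are hypothetical.

```shell
#!/bin/sh
# Added example: grant access to a program directory through group
# membership instead of root. All names used here are hypothetical.

# Hand a directory tree to one group: owner keeps its rights, the group
# may read and run, everyone else gets nothing.
restrict_to_group() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwx for owner, r-x for group, no access for others.
    find "$dir" -type d -exec chmod 750 {} + || return 1
    # Files: group gets read, plus execute only where the file is already
    # executable (capital X); group write and all "other" bits are cleared.
    find "$dir" -type f -exec chmod g=rX,o= {} + || return 1
}

# Print every path that is still reachable by "other" or writable by the
# group. Empty output means the tree is limited to owner and group.
audit_dir() {
    find "$1" \( -perm -001 -o -perm -002 -o -perm -004 -o -perm -020 \) -print
}

# As root, for the situation described in the thread:
#   groupadd timesheets
#   usermod -aG timesheets dutymgr    # applies at dutymgr's next login
#   restrict_to_group /opt/timesheets timesheets
#   audit_dir /opt/timesheets         # should print nothing
```

Removing the user from the group later (`gpasswd -d dutymgr timesheets`) withdraws the access without touching the files.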


All times are GMT -5.