is it possible to deny root2 to change password of original root
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
No. You're off the map with root2.
A better option would be to userdel root2 and if you need a second 'root' make him a type of superuser. If, for instance, you had him alone as part of group root, you could adjust group permissions for things root owns so that the superuser can use them. Look at Kevux for a good example of how that is done. E£verything seems to be controlled by group stuff http://kevux.org
Actually, I want to give someone to remote my server for updating his application and also some of his MySQL databases and tables but I don't want to give him root's access rights.
and also some of his MySQL databases and tables but I don't want to give him root's access rights.
In case you weren't aware, MySQL users don't have anything to do with the system users. It is easy to give him a MySQL user that is completely restricted to the database he is using.
Quote:
but user test still able to run /sbin/route
what I missed?
Can user test still run route after a fresh login? Are you editing using visudo? That will give you clues if syntax is wrong.
Also, I would suggest using sudo to allow access to specific commands rather than deny them access. For example, since you haven't denied access to visudo, it is possible that test could use it to edit the sudoers file and give themselves access to the NETWORK commands.
OK, this is down to something trivial. I put your configuration into my sudoers file and it works, so there are no glaring errors. Maybe something in the spacing or a typo you missed? Here is what mine looks like:
for the mysql part, look at the mysql grant statement
The below allows 'youruser' when connected from the given ip-address '192.168.1.16 to select and insert data from/into all tables in the database 'yourdatabase'.
Code:
grant usage on yourdatabase.* to 'youruser'@'192.168.1.16' identified by 'somepassword'
grant select, insert on yourdatabase.* to 'youruser'@'192.168.1.16'
As the user has local access in your case, you can change the ip-address to 'localhost'.
thanks, but how to only allow user to look into some folders only?
You're going to have to explain what you're after a bit more fully. Folder access is usually handled by permissions, so a user only has access to folders they have permission to see. If you want to restrict users to specific folders you have to make sure that they are part of a group that can't see folders you don't want them in, and that the restricted folders aren't world readable. By the way, if this is related to the sudo part of the question, this is also an excellent example of why you want to grant access to specific commands rather than denying access to some. A user with the kind of sudo restrictions discussed in this thread could easily get around any folder permission restrictions.
If you'll post some details about what you want, I'm sure we'll come up with a more specific answer.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.