LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-06-2008, 04:35 PM   #1
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Rep: Reputation: 15
Smile RHEL 4 64bit Workstation Allow specifc user Admin Power


Please forgive me but I'm new at LINUX. I've been using root to create accounts but now I wish to create an account which can create local users on the workstation (basically a admin account). Can I just type adduser, specify the name and then what? Do I have to use the GUI interface and add them to a group, if yes which group. I tried to use the GUI interface and thought I had all the correct groups added but when I login to create a user in the terminal mode, I type add user, specify the name and it comes back and looks at me like I'm cray (which I think I am anyway). When I use the GUI interface it ask for the root password.

Any help would be much appreciated,
John
 
Old 05-06-2008, 05:51 PM   #2
sfjoe
Member
 
Registered: Jun 2007
Location: San Francisco
Distribution: Centos 4, Debian
Posts: 55

Rep: Reputation: 16
sudo

What you want is sudo. You can google for details on how to use it but simply put it allows a user to have root-like powers without having to know the root password. The configuration file is /etc/sudoers which contains a list of users and the actions they can perform. In some distros /etc/sudoers is well-commented enough to be all you need in the way of help.
 
Old 05-07-2008, 07:51 AM   #3
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Unhappy First Time Setting up SUDO Users

Ok I think I setup a SUDO user correctly. When I login as me and type
sudo -l the response is
User mccarthy may run the following commands on this host:
(root) ALL

When I login with mccarthy and type useradd smith, the response is:
bash: useradd: command not found

Did I not do somthing correctly?

A million thanks,
John

Last edited by mccartjd; 05-07-2008 at 07:53 AM. Reason: Forgot somthing
 
Old 05-07-2008, 08:58 AM   #4
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Unhappy Got it, sort of

Ok I found what I needed to do was type:
sudo /usr/sbin/useradd smith
sudo /usr/bin/passwd smith


Enter New Password
Retype New Password

I just have one question. I was able to make the password somthing like zxcvbnm, which does not meet the passwords stanards I setup in the below:

/etc/login.defs

PASS_MIN_LEN 8

/etc/pam.d/system-auth

password requisite /lib/security/$ISA/pam_cracklib.so retry=3 minlen=12 lcredit=1 ucredit=1 dcredit=1 ocredit=0


Is there any reason why the password requisite in not taking effect? I was told root could bypass this that is why I created the sudo users.
 
Old 05-07-2008, 09:53 AM   #5
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Unhappy Sudo Account setup password to meet min requirement

The saga continues:

Here is what my system-auth file reads now, per the usr/share/doc/pam-0.77/html/pam6.html


password required pam_cracklib.so \
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=1 minlen=12

Still user, the sudo can create an account with less than 7 letters. Is the issue sudo?

Do I need to stop and start a service for the change to take effect?
 
Old 05-07-2008, 07:58 PM   #6
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,412

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
You've made the new user equiv to root, so as you said, he can bypass the length...
The real point of sudo is NOT to create another root user (a bad idea).
Tell sudo to only allow him to run the adduser cmd.
 
Old 05-07-2008, 08:33 PM   #7
mccartjd
Member
 
Registered: Apr 2008
Posts: 108

Original Poster
Rep: Reputation: 15
Wink Sudo with to much Power or Root

Now that I have expieremented with sudo how do I create a sudo account with useradd rights only?

Thanks
John
 
Old 05-08-2008, 12:35 PM   #8
sfjoe
Member
 
Registered: Jun 2007
Location: San Francisco
Distribution: Centos 4, Debian
Posts: 55

Rep: Reputation: 16
sudo useradd

This is just off the cuff, so it most likely won't work 'as-is' but will need some tinkering.

First off, you'll want to use visudo to edit /etc/sudoers as it provides locking and some basic sanity checks:
sudo /usr/sbin/visudo

Then, you'll probably want the adduser functionality to also be able to add groups and such so make a command alias by adding a line like this to /etc/sudoers:
Cmnd_Alias USER_MGMGT = /usr/sbin/groupadd, /usr/sbinuseradd

Then, you'll want a list of users you'll give this capability to, so add this line:
User_Alias USER_MANAGERS = user1, user2, user-etc

Now tie them together, giving permissions to user on your USER_MANAGERS list to run progrmas in the USER_MGMT list by adding this line:

USER_MANAGERS ALL = USER_MGMT

You can look at `man sudoers` for more detailed info
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL 4 64bit Workstation mccartjd Linux - Newbie 3 05-06-2008 07:26 PM
Parallels workstation, Ubuntu 7.10 host - loose access to System; Admin; Services taylorkh Linux - Software 0 02-17-2008 08:59 AM
RHEL Workstation and AS | Registration the_gripmaster Red Hat 2 09-13-2006 09:25 AM
User admin and N/w admin on Gnome hangs ssrini *BSD 2 07-28-2005 08:55 AM
Workstation power failure etcetera Linux - Hardware 7 12-17-2004 10:05 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration