LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-05-2007, 02:15 PM   #1
jrvt
LQ Newbie
 
Registered: Mar 2006
Location: Mexico
Distribution: RHL AS 3 RHL 9
Posts: 7

Rep: Reputation: 0
Question Creating admin account for services


Hi, im trying to configure a user account taht would be allowed to start vsftpd service, smb service, apache2 service.

I added a username and defined the initial group as adm and then added that other groups as daemon and bin. Im usin linux.

What else can i do to grant a user account grants so it can iniciate services such as vsftpd, samba, apache.

Thanks
 
Old 12-05-2007, 02:49 PM   #2
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
Usually the system automatically creates its own users for the services you mentioned, so there may be no need for you to create a user specifically for those services.
 
Old 12-05-2007, 03:42 PM   #3
complich8
Member
 
Registered: Oct 2007
Distribution: rhel, fedora, gentoo, ubuntu, freebsd
Posts: 104

Rep: Reputation: 17
Sounds to me like you're basically asking "how do I set up sudo so certain users can run specific init scripts"?

Last edited by complich8; 12-05-2007 at 03:43 PM.
 
Old 12-05-2007, 03:43 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
You could setup sudo to let the user account execute those specific binaries.
 
Old 12-05-2007, 06:21 PM   #5
jrvt
LQ Newbie
 
Registered: Mar 2006
Location: Mexico
Distribution: RHL AS 3 RHL 9
Posts: 7

Original Poster
Rep: Reputation: 0
Smile

Quote:
Originally Posted by reddazz View Post
Usually the system automatically creates its own users for the services you mentioned, so there may be no need for you to create a user specifically for those services.
Yes i have for example an apache user but is set to /nologin but i have 2 apache server one came with the red hat i have and the other one apache2 i installed.

Do i need to change the /nolgoin option for that user so i can use it. And for the vsftpd and smb services i dont have a specific user under /etc/passwd.

Is there something you can recomend me to do

Thanks.
 
Old 12-05-2007, 06:26 PM   #6
jrvt
LQ Newbie
 
Registered: Mar 2006
Location: Mexico
Distribution: RHL AS 3 RHL 9
Posts: 7

Original Poster
Rep: Reputation: 0
Smile Sudo

Quote:
Originally Posted by win32sux View Post
You could setup sudo to let the user account execute those specific binaries.
I have not used sudo, comlich8 has mentioned sudo command to. Ill look form some doc on the google to get around that command. think that is what i need.

I have tested the command with the admsvc user i created, but when i execute sudo it automatically asks me for a password. I have to set up some permissions so that user can run the services i want to, that will solve my issue?

Ill research and post my results.

Tanks for the help, you all!
 
Old 12-05-2007, 07:04 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by jrvt View Post
I have tested the command with the admsvc user i created, but when i execute sudo it automatically asks me for a password. I have to set up some permissions so that user can run the services i want to, that will solve my issue?
sudo can be setup to require (or NOT require) sudoers to type their password. It's up to you. You don't need to set any special permissions on the service binaries if you use sudo. Just create the group you want to use for sudoers, add the appropriate line to /etc/sudoers (using the visudo tool), and then add any users which you want to be sudoers to that group. There's tons of examples on the WWW.
 
Old 12-06-2007, 01:26 AM   #8
reddazz
LQ Guru
 
Registered: Nov 2003
Location: N. E. England
Distribution: Fedora, CentOS, Debian
Posts: 16,298

Rep: Reputation: 77
Quote:
Originally Posted by jrvt View Post
Yes i have for example an apache user but is set to /nologin but i have 2 apache server one came with the red hat i have and the other one apache2 i installed.

Do i need to change the /nolgoin option for that user so i can use it. And for the vsftpd and smb services i dont have a specific user under /etc/passwd.

Is there something you can recomend me to do

Thanks.
My apologies. I thought you wanted to create a system user to run those services. Anyway, I think follow the suggestions posted by others in this thread and use something like sudo.
 
Old 12-06-2007, 10:16 AM   #9
jrvt
LQ Newbie
 
Registered: Mar 2006
Location: Mexico
Distribution: RHL AS 3 RHL 9
Posts: 7

Original Poster
Rep: Reputation: 0
Talking Works!

Thanks for the help. Now i have set up the account i created to use sudo and it can manage the services i want.

Thanks again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
creating admin account venki Linux - Networking 2 10-26-2006 02:15 AM
is it legitimate and allowed and can be done to make another user account set uid and gid to null 0 to make another root account with different name and possibly not damage the debian system creating and using that new account BenJoBoy Linux - Newbie 12 01-29-2006 10:02 AM
admin account recovery rajivb Linux - Newbie 4 02-20-2005 02:06 AM
domain admin account ? alris Linux - Networking 0 11-01-2004 08:15 PM
Resetting Admin Account mcronin Linux - Software 0 07-03-2002 12:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration