LinuxQuestions.org


linuxpyro 05-23-2005 07:30 PM

Sub-root administrators?
 
I am running a small server with Gentoo. I will be using this for Web, Mail, POP3, possibly DNS, and MySQL. I am going to be hosting a few domains, two for myself and a couple of others for some friends. I will also leave SSH open, for a terminal session as well as secure FTP.

My plan is to create a group for each domain I add (except of course for my own domains). This way if more than one person happens to be involved in maintaining the site, I can give them each their own account, as well as Email address, etc. What I want to be able to do is to create a "sub-root" administrative account, one with which I can if necessary have access to all of the files in each particular group yet not be able to, for example, run init scripts or tweak config files. (My reasoning for this is the same as that behind the idea of adding a normal user in addition to root in Linux installs: So I can do day-to-day work with it without accidentally breaking my system. I might also give such an account to another person whom I trust, but otherwise it is mainly for myself.) The best thing I can think of doing in this case is to create an account and add it to each of the groups, but the problem with this would be that it would still be possible to hide things from this admin.

Have some of you guys had a similar situation? I know the whole Linux security setup is not very flexible in terms of this sort of thing, but it seems like there should be a way. Thanks for any input.
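The post above notes that an admin account which relies only on group membership can still have files hidden from it. As an added example (not part of the thread), this shell function audits one site directory for entries such an account could not read; the directory and group passed to it are hypothetical, and it uses only `find` and `sed`.

```shell
#!/bin/sh
# Added example: list entries under a per-domain tree that a member of the
# site group (who is not the owner) cannot read, plus directories where new
# files will not inherit the site group.
# Usage: audit_site_tree <site-dir> <group-name-or-gid>   (both hypothetical)
audit_site_tree() {
    dir=$1
    grp=$2
    # Entries that belong to some other group: membership in the site
    # group grants nothing on these.
    find "$dir" ! -group "$grp" -print | sed 's/^/wrong-group /'
    # Regular files in the site group with the group read bit cleared.
    find "$dir" -type f -group "$grp" ! -perm -g=r -print | sed 's/^/no-group-read /'
    # Directories in the site group that the group cannot list and traverse.
    find "$dir" -type d -group "$grp" ! -perm -g=rx -print | sed 's/^/no-group-access /'
    # Directories without the setgid bit: files created inside take the
    # creator's primary group instead of the site group.
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
}

# Run the audit when the script is called with a directory and a group.
if [ "$#" -eq 2 ]; then
    audit_site_tree "$1" "$2"
fi
```

An empty report means every entry is in the site group, group-readable, and under a setgid directory; run it as root so `find` can descend into directories the auditing account itself cannot open.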

RandomLinuxNewb 05-24-2005 03:18 AM

I would look into chroot and lock these "sub-root" accounts into their own folders. Then set every file to be rwx by their user inside the chroot jail.

halo14 05-24-2005 01:47 PM

It's not as easy as it sounds because when you chroot an SSH connection, then you are not allowing access to /bin, /usr and the like, which is where the programs you want to run are. There are some decent tutorials that cover it more in depth, but a quick Google search will yield multiple results.

linuxpyro 05-24-2005 03:33 PM

So basically what you're saying is to chroot each of the sub-root users, give them ownership of everything in the chroot folder, and have all the Webhosting clients also work out of these folders?

I had thought about chrooting each of the Web hosting clients, but not the sub-root admins.


All times are GMT -5.