Here is another one. I want to make a user who is able to do all the jobs root can do (some exceptions can be there). How do I set the rights/permissions for him?
Hi,
I'd go with the earlier advice and use sudo to do this. If you explain a little more about what it is you're trying to do we might be able to offer some further advice.
I mean, if there is a root and his assistant root1.
I want root1 to be able to do almost all of the jobs of root, i.e., a user root1 will be given some rights to add/del/change user settings, manage services, configure server settings, do monitoring, etc.
What mether told is perfectly working. But it is dangerous. I mean, by doing this the user completely becomes root; he is able to change the root passwd too.
Hi,
The first thing you need to do is determine exactly what you want your non-root power user to be able to do. Only once you've got a tight specification for the limited powers you need to give this admin account can you successfully lock it down.
Once you've done that, determine exactly how you are going to allow the user to do the jobs in hand. If you need to allow them to change all passwords other than root you might need to do some creative scripting or modify the passwd command. Consider using an existing administration tool that allows this kind of granular access control. I can't think of one for Linux off the top of my head, perhaps someone else can throw us a bone.
Yeah, this is where unix permissions really fall down. You can't give a user root-ish permissions over X, Y and Z but not everything else. Hence we have complex crazy solutions like SELinux which let you impose a different security model, or stupid solutions like sharing the root password, or the imperfect but probably the most reasonable solution of using sudo.
Another option is to make the stuff you want your assistant to manage belong to a group, be group writable and make your assistant a member of that group. Of course, if it's adding/removing certain accounts but not all accounts, that's not going to work...
Last edited by pileofrogs; 03-22-2007 at 03:27 PM.
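The "creative scripting" route suggested in the thread, combined with sudo, as an added example that is not from any of the posters: a wrapper the assistant runs through sudo in place of passwd itself, which refuses root and every other account below a UID floor. The path /usr/local/sbin/reset-passwd, the sudoers line for root1, the floor of 1000 and the reliance on local /etc/passwd entries are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, installed as /usr/local/sbin/reset-passwd (root:root, 0755).
# Assumed sudoers entry, edited with visudo, granting only this one command:
#   root1 ALL = (root) /usr/local/sbin/reset-passwd
# Assumes accounts are local (/etc/passwd) and ordinary users start at UID 1000.
LC_ALL=C; export LC_ALL
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
MIN_UID="${MIN_UID:-1000}"

# Print the UID of the account whose name is exactly $1 (nothing if absent).
lookup_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$PASSWD_FILE"
}

# Return 0 only if $1 names an existing, non-privileged account.
may_reset_password() {
    target="$1"
    # Strict allow-list of characters; a leading "-" is refused so the
    # argument can never be interpreted by passwd as an option.
    case "$target" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    uid=$(lookup_uid "$target")
    [ -n "$uid" ] || return 1                    # unknown account
    case "$uid" in *[!0-9]*) return 1 ;; esac    # malformed passwd entry
    # Decide on the UID, not the name: a second UID 0 account is still root,
    # and service accounts below the floor stay out of reach as well.
    [ "$uid" -ge "$MIN_UID" ] || return 1
    return 0
}

run() {
    [ "$#" -eq 1 ] || { echo "usage: reset-passwd USER" >&2; return 2; }
    if may_reset_password "$1"; then
        # Audit trail: who asked (sudo sets SUDO_USER) and for which account.
        logger -t reset-passwd "by=${SUDO_USER:-unknown} target=$1" 2>/dev/null
        exec /usr/bin/passwd "$1"
    fi
    echo "reset-passwd: refusing to change password for '$1'" >&2
    return 1
}

# Act only when installed under its own name, so the functions above can be
# sourced and tested without ever invoking passwd.
case "$0" in
    */reset-passwd) run "$@" ;;
esac
```

The wrapper only holds if root1's sudoers entry lists nothing else that yields a root shell or an editor, since either one bypasses it.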