Allowing a normal nonroot user to create accounts?
I am tech support and head admin for a hosting provider....
I've written a bash script to install a server by basically copying a template install to the directory of my choice. Say, pserver -user jo would install to /home/jo. Unfortunately, the owner of the server does NOT want to give me root level access and so I'd need to be able to do this under a non root account.

So what I'm asking is would it be possible to:

* Allow a non root user to execute /usr/sbin/adduser
* Allow a non root user to be able to copy the template files to the above newly created user's home directory (e.g. user jon, a non root user, copying /home/jon/template/ to /home/newuser/)

Is this possible at all in any way that could accomplish the same end result? Will someone give some feedback on this, whether it's possible or not to get a result like this?

I considered writing a webserver that could run under ROOT but that'd be a gaping hole if someone figured out an exploit to the apache server or whatnot. Is there any alternative to accomplish a system like this without him giving me root access?

Any response will be greatly appreciated, thanks, jon
Yes, it is entirely possible. Your admin will have to add you to the "sudoers" file under "/etc". That file is set up so you can give certain users certain privileges without having to 'su' or be root.
>>A listing in the file itself Quote:
Quote:
Anything one does to work around this IS A SECURITY RISK!!!
My recommendation would be forward each and every adduser request to the guy who owns the server and ask him to do it because you don't have the necessary tools/privs. Be sure to also CC the person who requested the new ID, so he/she knows the ball is in that guy's court and that you're not the bottleneck.
Seriously, as an outside observer, it seems to me that the situation you've described is that an employee (meaning you) has been given the responsibility to perform a certain task, but that the employee's managers are refusing to give him the tools he would need to do the job. That's an un-winnable situation, and the only 2 outcomes to resolve it are to either reassign the task to someone who does have the tools (the other guy), or to provide you with the necessary tools (meaning giving you root). If the latter option is not a possibility, per your post, then that leaves only the former.

In any event, I totally agree with 320mb; personally I would consider adding new user accounts to be the responsibility of root, and any steps taken to defeat these built-in security measures would be ill-advised IMO.

-- J.W.
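One way to scope the sudoers approach from the first reply, as an added example that is not part of the original thread: rather than granting /usr/sbin/adduser itself, sudoers grants one root-owned wrapper that validates the name and does the template copy. The wrapper path, the sudoers line and the function names are hypothetical; the template path and /home layout are taken from the question.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/pserver-adduser (root-owned, mode 0755).
# Assumed sudoers rule (edit with visudo), granting jon only this one command:
#   jon ALL=(root) /usr/local/sbin/pserver-adduser
# DRY_RUN=1 prints the commands instead of running them.
LC_ALL=C; export LC_ALL        # make the a-z ranges below byte-exact

TEMPLATE=/home/jon/template    # template path from the question

valid_username() {
    # First char a lowercase letter, the rest lowercase/digit/'_'/'-', max 32 chars.
    # Rejects empty names, leading '-' (would parse as an option), '/', spaces, ';'.
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

provision() {
    user=$1
    valid_username "$user" || { echo "rejected username: $user" >&2; return 2; }
    if id "$user" >/dev/null 2>&1; then
        echo "user already exists: $user" >&2
        return 3
    fi
    run /usr/sbin/adduser "$user" || return 4
    # Copy the template contents (dotfiles included), then hand them to the new user.
    run cp -a "$TEMPLATE/." "/home/$user/" || return 5
    # "user:" with an empty group means the user's login group (GNU chown).
    run chown -R "$user:" "/home/$user" || return 6
}

# Act only when called with a username, e.g.: sudo pserver-adduser jo
if [ "$#" -gt 0 ]; then
    provision "$1"
    exit $?
fi
```

Because the template directory stays writable by the non-root user, whatever is placed there is copied by root; the server owner should review that directory as part of granting the rule.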