Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi ,
I'd like to configure one power user in Redhat Linux and would like to grant permission to do almost anything without using sudo. My concern is I don't want to give anyone "root" password but want someone to do almost everything like "root" account using this newly created power user account. Kindly guide how to configure.
Can you tell us why you don't like to use sudo? Sudo is just the tool for the job, to control to what a user has access. You could create a user and force the UID to 0, that way that user will have the same 'powers' as root, but that would be just the same as using root. If you could indicate what you have against using sudo and what your needs are then we might be able to point you to a solution.
Hi EricTRA,
Thanks for your helpful answer.
My concern is that if I grant something ( commands ) to power user inside the "visudo" file , it will basically affect to the whole system and the power user can execute using sudo anywhere in the system . The customer don't want to this power user get that kind of system wide permission. But the customer want that power user restrict on that particular non system folder inside the system only. Anyway I have granted full access right for that folder for power user. Is that possible ? Thanks.
Have you looked at some documentation about sudo? What you want to do can be obtained with sudo by configuring it correctly. Here's an example of what you might need to get what you want.
EricTRA,
Thanks for your reference. I have gone through the document that you have provided. My requirement could be a bit different. The power user need to delete files which belongs to other users inside /DATA folder for the purpose of house keeping. But if I grant this power user
"sudo rm" , he will have access to delete any files inside the whole system. That will be the security breach already.
You're welcome. You can also limit the commands a user can use to a directory. But maybe ACL is more suited for your needs. Have a look at these two links: Linux File Security Know your rights
With the tools explained in those two articles you can define lots of access control lists which will get you far more protection than the standard file permissions. Hope it helps.
Yeah, granting root authority to rm is not the way to accomplish this. Here are some alternatives:
1) Use ACLs (as described above).
2) Use sudo, but not as root. Grant the group of power users sudo rights to a service account that has delete rights in the /DATA folder.
3) Create scripts that perform the necessary housekeeping routines, and rather than giving the power users sudo rights to the rm command, give them sudo rights to the scripts that execute rm. This gives you the opportunity to fence them into your pre-determined usage of rm.
And if we're talking about routine housekeeping, then the best solution is to use option 3 and execute from cron.
on the DATA dir and add that user to the group. Possibly even make him the owner of that dir.
Incidentally, the default for sudo is that the user supplies his own passwd, not root passwd. However, as above, this is not really the way to solve your problem.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.