SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have setup a server (slackware 12.0) for one school. There are lot of users and the teachers want to admin the users. Adding users, deleting users.
I set up webmin on it, and limit the users rights for user and group administration only. But I see that the root user can be selected for deleting and the password can be changed too.
I didn't try it but, it is possible that when I select the root user I can delete it. And the password can be changed just by typing new password without the knowledge of old??
Maybe it is a stupid question, but I am affraid that some clever teacher will try this option.
If the user is logged in as a root-level administrator, of course they can delete or modify the root user. How could you expect anything else?
That said, Webmin has an extremely flexible and powerful access control system with users, groups, and ACLs.
What you want to do is create a new group that is limited to only editing users of a certain UID range, and then create all of your professor accounts as members of that group.
Yes, thats exactly what I need.
I already set up (with help of that documentation) different accounts for each teacher who can admin the accounts of there students.
Quote:
If the user is logged in as a root-level administrator, of course they can delete or modify the root user.
How could you expect anything else?
I just thought that this action will be somehow denied, because I don't see any logical circumstance when the root user should be deleted. I don't even imagine what it can cause if deleted.
But nothing a Live CD (or Slackware install DVD/CD) can't fix (just update /etc/passwd in the mounted / partition)
This begs the doubt: are LiveCDs security threats in an otherwise secure environment? Should organizations prevent employees from using LiveCDs and/or USB sticks at work?
That's why in important PCs you password protect the BIOS and prevent the CD/DVD drive from being bootable. Easy fix. You could also encrypt the partition.
gnashley is right! I remember when I worked as network assistant, there was an IT "engineer" who argued that windows nt passwords were not reset-able, you should have seen his face when I booted from a special linux floppy and reseted the admin password in less than 2min http://home.eunet.no/pnordahl/ntpasswd/
I just thought that this action will be somehow denied, because I don't see any logical circumstance when the root user should be deleted. I don't even imagine what it can cause if deleted.
Logic does not apply to root. root has absolute power over the system.
If you were assuming that root in Webmin is somehow safer than a root login in a shell, it's probably wise to pause in your plans until you've gotten a better grasp on Webmin. A root-level Webmin login is every bit as dangerous (and very nearly as powerful) as a root-level shell. Would you ask if a root-level shell login could delete the root user? (The answer is, of course, "yes, a root-level shell user can delete the root user", thus the same is true of a root-level Webmin user.) ;-)
That's why other accounts can be created, and with arbitrary limits on their powers. Webmin's ACLs are more flexible than standard UNIX permissions, so you can safely use Webmin in ways that a shell account could not be used. User management, for example, is extremely flexible in Webmin, and you can restrict particular accounts to only managing a range of UIDs or other characteristics.
A root-level Webmin login is every bit as dangerous (and very nearly as powerful) as a root-level shell
Good point, I didn't think about the root user of webmin that way.
Quote:
it's probably wise to pause in your plans until you've gotten a better grasp on Webmin
Yes, after the first post I checked out the webmin user administration section (carefully), and now I set up for another user admins an UID range which can they manage.
It is very well designed...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.