[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: giving privileges to an user



On Thu, Apr 28, 2005 at 06:45:53PM +0200, Rakotomandimby (R12y) Mihamina wrote:
> I want an user to be able to create/delete users and groups.
> What's the best way to do it?
> - adding him to the "root" group?
> - is there a specific group for that?
> - what way would you suggest ?

How much do you trust this user? Because without careful control, if someone
has the ability to add users, they could add a user with full root access
quite easily.

Assuming that you trust them not to do that, or to mess with other system
accounts, here's what I'd suggest: add the user to the "wheel" group, and
then add the line "UGROUPS=wheel" to the file
/etc/security/console.apps/system-config-users.

This will make it so any members of that group can run the
system-config-users program by entering their own password, not root's.


"Wheel" is the tradition generic "administrative privileges" group -- you
could create something more specific if you want. But *don't* just add them
to the root group, because then their account will have root-equivalent
access all of the time -- and see the "brute force ssh attack" thread for
why that's a bad idea.
-- 
Matthew Miller           mattdm mattdm org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>
Current office temperature: 77 degrees Fahrenheit.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]