giving privileges to an user
Matthew Miller
mattdm at mattdm.org
Thu Apr 28 17:36:00 UTC 2005
On Thu, Apr 28, 2005 at 06:45:53PM +0200, Rakotomandimby (R12y) Mihamina wrote:
> I want an user to be able to create/delete users and groups.
> What's the best way to do it?
> - adding him to the "root" group?
> - is there a specific group for that?
> - what way would you suggest ?
How much do you trust this user? Because without careful control, if someone
has the ability to add users, they could add a user with full root access
quite easily.
Assuming that you trust them not to do that, or to mess with other system
accounts, here's what I'd suggest: add the user to the "wheel" group, and
then add the line "UGROUPS=wheel" to the file
/etc/security/console.apps/system-config-users.
This will make it so any members of that group can run the
system-config-users program by entering their own password, not root's.
"Wheel" is the tradition generic "administrative privileges" group -- you
could create something more specific if you want. But *don't* just add them
to the root group, because then their account will have root-equivalent
access all of the time -- and see the "brute force ssh attack" thread for
why that's a bad idea.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 77 degrees Fahrenheit.
More information about the fedora-list
mailing list