?
Solved

How to make a non-root user able to add more users?

Posted on 2003-03-24
14
Medium Priority
?
271 Views
Last Modified: 2010-04-20
Hi!
I want to be able from one user account that I've created (non-root) to add more users with their passwords to an specific group, just that, no more administrative permissions.
How I can achive that in an easy way?
0
Comment
Question by:Rocael
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
  • +3
14 Comments
 
LVL 9

Expert Comment

by:majorwoo
ID: 8198881
the easiest way is to setup sudo on your machine

you should have a file

/etc/sudoers

if you edit that file you can take the line:

root    ALL=(ALL) ALL

if you add

majorwoo    ALL=(ALL) ALL

then this means the user majorwoo can run any command he wants as root - including sudo passwd root and change the root password, so this essentially gives them root access.  Do this only for people you trust - sudo can be setup to only allow certain commands to, but i have ALL ALL for myself, it makes alot of tasks easier.
0
 

Expert Comment

by:covati
ID: 8210453
majorwoo, is close. But you want to limit their powers. Instead of
 majorwoo ALL=(ALL) ALL
you want to give the user only access to the command that you are allowing. for example...

<user> <servername>= (root) /usr/sbin/useradd -g <yourgroup> [A-z0-9]*

That should limit not only the command but also the arguments
0
 

Expert Comment

by:covati
ID: 8210468
My bad, you'll need to add the password too,

<user> <servername>= (root) /usr/sbin/useradd -g <yourgroup> [A-z0-9]* -p [!\ ]

I'm not very practiced in setting possible args for commands w/ sudo, but that's the general idea.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Expert Comment

by:majorwoo
ID: 8210805
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
0
 

Author Comment

by:Rocael
ID: 8231098
I did with visudo

# User privilege specification
root    ALL=(ALL) ALL
nsadmin localhost.localdomain= (root) /usr/sbin/useradd -g gnc [A-z0-9]* -p [!\ ]


then as nsadmin I perform:
[nsadmin@localhost aolserver]$ sudo /usr/sbin/useradd -g gnc rock -p rocky
Sorry, user nsadmin is not allowed to execute '/usr/sbin/useradd -g gnc rock -p rocky' as root on localhost.localdomain.

Am I missing some step?
Thanks.
0
 
LVL 1

Expert Comment

by:nick_s
ID: 8291293
what if you want a user to have full admin rights on the machine, i did what was stated above, but am still unable to change permissions on a folder. what else can be done for this?

nick
0
 

Expert Comment

by:covati
ID: 8291324
nick, if you want full admin rights you should be able to just do what majorwoo suggested.

rocael, sorry for the delay, I smoked the drive on my linux box at home. Hopefully tonight I should be able to give my suggestion a little test run. I presume there is just a slight problem with the fine detail of the regular expression.

covati
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 8292110
Rocael, you should just have to add:

# User privilege specification
root    ALL=(ALL) ALL
nsadmin localhost.localdomain=(root) /usr/sbin/useradd

I noticed a space between the = and (root) which might make it angry.
0
 
LVL 1

Expert Comment

by:nick_s
ID: 8292552
I have the follwoing in Visudo

#User privilege specification
root   ALL=(ALL) ALL
nick   ALL=(ALL) ALL

Shouldn't this allow full admin rights?

Logged in as nick i am unable to right-click a folder and change permission.

Sorry for my ignorance, i am new to Linux :)

Thanks
Nick
0
 

Accepted Solution

by:
covati earned 500 total points
ID: 8297002
sorry rocael, you just needed a * at the end (and we didn't need to slash out the space):

nsadmin localhost.localdomain=(root) /usr/sbin/useradd -g gnc [A-z0-9]* -p [! ]*

This will ONLY allow you to add users to that group, and the password MUST be supplied, or the command will fail.

nick:
you need to run (fill in your own permissions and dir name):
> sudo chmod 755 myfolder

right clicking and changing permissions is equivalent to running:
> chmod 755 myfolder

This will not work, you need the "sudo" in there to indicate that this is an ability granted to you via sudo. In short, don't bother with the gui for this. There may be a way via the gui, but don't ask me :).
0
 
LVL 1

Expert Comment

by:nick_s
ID: 8306133
Thanks Covati

Nick
0
 

Expert Comment

by:CleanupPing
ID: 9087621
Rocael:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 9

Expert Comment

by:majorwoo
ID: 9090743
looks like Covati got it
0
 
LVL 2

Expert Comment

by:TheWeakestLink
ID: 9289714
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from covati as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month15 days, left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question