How to make a non-root user able to add more users?

Hi!
I want to be able from one user account that I've created (non-root) to add more users with their passwords to an specific group, just that, no more administrative permissions.
How I can achive that in an easy way?
RocaelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

majorwooCommented:
the easiest way is to setup sudo on your machine

you should have a file

/etc/sudoers

if you edit that file you can take the line:

root    ALL=(ALL) ALL

if you add

majorwoo    ALL=(ALL) ALL

then this means the user majorwoo can run any command he wants as root - including sudo passwd root and change the root password, so this essentially gives them root access.  Do this only for people you trust - sudo can be setup to only allow certain commands to, but i have ALL ALL for myself, it makes alot of tasks easier.
0
covatiCommented:
majorwoo, is close. But you want to limit their powers. Instead of
 majorwoo ALL=(ALL) ALL
you want to give the user only access to the command that you are allowing. for example...

<user> <servername>= (root) /usr/sbin/useradd -g <yourgroup> [A-z0-9]*

That should limit not only the command but also the arguments
0
covatiCommented:
My bad, you'll need to add the password too,

<user> <servername>= (root) /usr/sbin/useradd -g <yourgroup> [A-z0-9]* -p [!\ ]

I'm not very practiced in setting possible args for commands w/ sudo, but that's the general idea.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

majorwooCommented:
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
0
RocaelAuthor Commented:
I did with visudo

# User privilege specification
root    ALL=(ALL) ALL
nsadmin localhost.localdomain= (root) /usr/sbin/useradd -g gnc [A-z0-9]* -p [!\ ]


then as nsadmin I perform:
[nsadmin@localhost aolserver]$ sudo /usr/sbin/useradd -g gnc rock -p rocky
Sorry, user nsadmin is not allowed to execute '/usr/sbin/useradd -g gnc rock -p rocky' as root on localhost.localdomain.

Am I missing some step?
Thanks.
0
nick_sCommented:
what if you want a user to have full admin rights on the machine, i did what was stated above, but am still unable to change permissions on a folder. what else can be done for this?

nick
0
covatiCommented:
nick, if you want full admin rights you should be able to just do what majorwoo suggested.

rocael, sorry for the delay, I smoked the drive on my linux box at home. Hopefully tonight I should be able to give my suggestion a little test run. I presume there is just a slight problem with the fine detail of the regular expression.

covati
0
majorwooCommented:
Rocael, you should just have to add:

# User privilege specification
root    ALL=(ALL) ALL
nsadmin localhost.localdomain=(root) /usr/sbin/useradd

I noticed a space between the = and (root) which might make it angry.
0
nick_sCommented:
I have the follwoing in Visudo

#User privilege specification
root   ALL=(ALL) ALL
nick   ALL=(ALL) ALL

Shouldn't this allow full admin rights?

Logged in as nick i am unable to right-click a folder and change permission.

Sorry for my ignorance, i am new to Linux :)

Thanks
Nick
0
covatiCommented:
sorry rocael, you just needed a * at the end (and we didn't need to slash out the space):

nsadmin localhost.localdomain=(root) /usr/sbin/useradd -g gnc [A-z0-9]* -p [! ]*

This will ONLY allow you to add users to that group, and the password MUST be supplied, or the command will fail.

nick:
you need to run (fill in your own permissions and dir name):
> sudo chmod 755 myfolder

right clicking and changing permissions is equivalent to running:
> chmod 755 myfolder

This will not work, you need the "sudo" in there to indicate that this is an ability granted to you via sudo. In short, don't bother with the gui for this. There may be a way via the gui, but don't ask me :).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nick_sCommented:
Thanks Covati

Nick
0
CleanupPingCommented:
Rocael:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
majorwooCommented:
looks like Covati got it
0
TheWeakestLinkCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from covati as answer
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.