Linux Admin Help

StuartMc77
StuartMc77 used Ask the Experts™
on
Hi all,

I have a lot of network experience but after a recent job change I am now learning to administer linux systems for the first time.  I'm not a complete Linux novice but please assume I don't know what you talking about when answering my question.

My first course of action here is to stop everyone having root access to the systems but not stop them doing what they need, here is how it works:

our linux servers run Centos V5.3
it runs apache, php, mysql and qmail
users need to work with the database and run php scripts and also edit crontabs
Basically I want to prevent them altering system files and adding/editing users

What do you recommend and how do I do it?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
hi,

create a login to them by using adduser
create a group and assign the created user in it and assign a group a right.


 
Top Expert 2007
Commented:
sudo is the tool you want.

Essentially you define each of the command/s a non-root user needs.

For example, if you want user fred to be able to edit root crontab, then you define a sudoers entry via the visudo command with

fred ALL= /usr/bin/crontab

Then when fred wants to list/change root's crontab, they do

sudo crontab -e

and type in their password (there's an option in sudoers to say whether a password is required or not)
Acronis in Gartner 2019 MQ for datacenter backup

It is an honor to be featured in Gartner 2019 Magic Quadrant for Datacenter Backup and Recovery Solutions. Gartner’s MQ sets a high standard and earning a place on their grid is a great affirmation that Acronis is delivering on our mission to protect all data, apps, and systems.

Asr

Commented:
Hi,
create a group with the permission they need for php,... and change security file that the group should be their standard permission.

Author

Commented:
Thanks everyone... Tintin, where would I put the "fred ALL= /usr/bin/crontab" part?

Author

Commented:
also when I tried to use the sudo command it couldn't be found on the server... I did eventually find what I think is it in /usr/share/zsh/4.2.6/functions but named _sudo... I copied it to the /usr/bin as just sudo and change permissions to be able to use it but I just get "/usr/bin/sudo: line 4: arguments: command not found" now

Author

Commented:
it seems what I found was just a txt file explaining the arguments... where is or how do I install sudo?
Monis MontherSystem Architect
Commented:
For users to work with the database, they need accounts on the MySQL also

To do that

1- enter your mysql server as root

mysql -u root -p

Now under the mysql prompt run the following mysql commands

mysql> create user 'username'@'localhost' identified by 'some-password';
mysql> grant all privileges on DBname.* to 'username'@'localhost';
mysql> flush privileges;

The above commands will create the user username with no privileges then assign him all privileges to DBname, you can repeat the steps above for any user and DB you have

I am not sute under windows , but I guess its the same

Now if you enter to mysql with any of those users he will only see the DB he has access to

Author

Commented:
I figured out how to install sudo... simple really, "yum -y install sudo"

Sudo certainly seems to do what I need... Thanks for that...

the mysql user bit, thanks for that also... been a while since I've created users in MySQL...

Author

Commented:
I love this website... thanks guys.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial