Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Create another system admin in Linux

Posted on 2011-02-21
Medium Priority
Last Modified: 2013-12-06
My ERP consultant need to install application on the Red Hat Linux. Is it possible to create another system admin on linux for him to install the application, without giving him the "root" ID ?

Question by:AXISHK
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
LVL 14

Accepted Solution

Monis Monther earned 400 total points
ID: 34941303
Yes there is. its called SUDO

Here is a good guide

With sudo you can allow a normal user to have some/all of root privileges while still using their own credentials. and you can monitor them.
LVL 12

Assisted Solution

upanwar earned 400 total points
ID: 34942036
Instead of creating a user with root previlege, SUDO is a good optiong. I agree with small_student. If you require further help to configure SUDO, you can ask us.

Assisted Solution

praveen_expert earned 400 total points
ID: 34944884
Yes, SUDO can be configured to provide the limited root access. For ex: if you need to install the particular application.

Also we can create a sudo group, and provide the required commands & directories to execute & access.

Let me know the type of application, and commands used to install. so that i can provide you a sudo codes to update the sudoers files.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 34

Assisted Solution

PsiCop earned 400 total points
ID: 34947919
Check out my EE Profile - you'll find a link to my website. On there, look for a paper entitled Controlled Privilege Escalation in Linux/UNIX Environments

It will explain how to safely use the sudo tool recommended above.

Author Comment

ID: 34949453

I have setup a testing Red Hat 5.0 Enterprise and I could already configured it such that Window users could use its own credential to login to the server.

However, I find that any Window server logging to the Red hat server could shutdown the server. Is it the default security setting ? Is it possible to disable system function for those Window domain users and only allow few operators to have full admin operation on this server ?

Great thanks.
LVL 14

Expert Comment

by:Monis Monther
ID: 34949598
Yes you can do this from PAM, you will find the files under /etc/pam.d/


Author Comment

ID: 34949605
So, this is nothing to do with sudo. To clarify,

- all my Window Domain users could login to the server
- only the few system administration could have full control function on the server.

To archieve this purpose. how to configure it on Red Hat ?

Thanks again.

LVL 14

Expert Comment

by:Monis Monther
ID: 34950047
Yes it has to do with sudo.

Any user can access commands under /bin and /usr/bin but needs more privileges to run commands under /usr/sbin/

For example your domain users can not run the command /usr/sbin/useradd to create a new Linux user under /etc/passwd and this must be explicitly added to them by using SUDO

Author Comment

ID: 34989688
Put the line "%admin ALL=(ALL) ALL" under visudo. Create a user and already put under "admin" group.

Create a login "itsupport" and put under admin group. When I issue su -s under itsupport 's credential and try to restart the network services, it says that the bash service is not found.

Do I need to do anything beside put under visudo in order for user itsupport to have full root privilege ?

LVL 31

Assisted Solution

farzanj earned 400 total points
ID: 35017088
For the user you need the following command

sudo su -

In general for any command you need to add sudo in front of it, with the syntax
sudo command
LVL 34

Expert Comment

ID: 35022896
Mind you, once someone does that, they have total, complete control over the system.

There is NOTHING that they cannot do - including altering log files.

Make sure that:

a) You trust them
b) They know what they are doing

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. Once you open the link you will see …
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : All lightning effects with instructions : http://www.mediaf…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question