Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

Create another system admin in Linux

My ERP consultant need to install application on the Red Hat Linux. Is it possible to create another system admin on linux for him to install the application, without giving him the "root" ID ?

Tks
0
AXISHK
Asked:
AXISHK
  • 3
  • 3
  • 2
  • +3
5 Solutions
 
Monis MontherSystem ArchitectCommented:
Yes there is. its called SUDO

Here is a good guide

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch09_:_Linux_Users_and_Sudo

With sudo you can allow a normal user to have some/all of root privileges while still using their own credentials. and you can monitor them.
0
 
upanwarCommented:
Instead of creating a user with root previlege, SUDO is a good optiong. I agree with small_student. If you require further help to configure SUDO, you can ask us.
0
 
praveen_expertCommented:
Yes, SUDO can be configured to provide the limited root access. For ex: if you need to install the particular application.

Also we can create a sudo group, and provide the required commands & directories to execute & access.

Let me know the type of application, and commands used to install. so that i can provide you a sudo codes to update the sudoers files.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
PsiCopCommented:
Check out my EE Profile - you'll find a link to my website. On there, look for a paper entitled Controlled Privilege Escalation in Linux/UNIX Environments

It will explain how to safely use the sudo tool recommended above.
0
 
AXISHKAuthor Commented:
Thanks.

I have setup a testing Red Hat 5.0 Enterprise and I could already configured it such that Window users could use its own credential to login to the server.

However, I find that any Window server logging to the Red hat server could shutdown the server. Is it the default security setting ? Is it possible to disable system function for those Window domain users and only allow few operators to have full admin operation on this server ?

Great thanks.
0
 
Monis MontherSystem ArchitectCommented:
Yes you can do this from PAM, you will find the files under /etc/pam.d/

0
 
AXISHKAuthor Commented:
So, this is nothing to do with sudo. To clarify,

- all my Window Domain users could login to the server
- only the few system administration could have full control function on the server.

To archieve this purpose. how to configure it on Red Hat ?

Thanks again.


0
 
Monis MontherSystem ArchitectCommented:
Yes it has to do with sudo.

Any user can access commands under /bin and /usr/bin but needs more privileges to run commands under /usr/sbin/

For example your domain users can not run the command /usr/sbin/useradd to create a new Linux user under /etc/passwd and this must be explicitly added to them by using SUDO
0
 
AXISHKAuthor Commented:
Put the line "%admin ALL=(ALL) ALL" under visudo. Create a user and already put under "admin" group.

Create a login "itsupport" and put under admin group. When I issue su -s under itsupport 's credential and try to restart the network services, it says that the bash service is not found.

Do I need to do anything beside put under visudo in order for user itsupport to have full root privilege ?

Thanks
0
 
farzanjCommented:
For the user you need the following command

sudo su -

In general for any command you need to add sudo in front of it, with the syntax
sudo command
0
 
PsiCopCommented:
Mind you, once someone does that, they have total, complete control over the system.

There is NOTHING that they cannot do - including altering log files.

Make sure that:

a) You trust them
b) They know what they are doing
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 3
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now