Solved

Linux user Privileges

Posted on 2014-02-10
9
711 Views
Last Modified: 2014-02-11
Linux user Privileges

In windows domain, you can have enterprise Admins, Domain Admins, Account operators, print operators,etc...

I wonder what is the equivalent in Linux (ubuntu)

Thank you
0
Comment
Question by:jskfan
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 10

Assisted Solution

by:stu215
stu215 earned 166 total points
Comment Utility
Ubuntu User Management:
https://help.ubuntu.com/10.04/serverguide/user-management.html

Ubuntu File Permissions:
https://help.ubuntu.com/community/FilePermissions

Ubuntu General System Mgt:
https://help.ubuntu.com/community/SystemAdministration

Generally you would setup groups and then apply the group to a set of files, and then add users to those groups which would restrict access to files by a group.

NOTE: see the file permissions link above as you have to explicitly set what permissions you would like the group to have on a particular set of files / folders / etc.
0
 

Author Comment

by:jskfan
Comment Utility
For instance Sudoers..
Are all users added to Sudoers file have the same privileges as Root user
0
 
LVL 10

Assisted Solution

by:stu215
stu215 earned 166 total points
Comment Utility
Adding a user to the sudoers file is giving the user a way to execute things as though they were the root user ( or a specified user ) but without allowing them to login as root.

Depeding on how its configured they should be prompted to enter a "sudo" password in order to execute the command they would like executed.

- You can setup different levels of users which can execute certain commands.

This explains it a bit better:
https://help.ubuntu.com/community/Sudoers
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 167 total points
Comment Utility
There is no equivalent roles in  Ubuntu / Linux.

The only "admin" in Linux is root. The fore mention sudoers is similar as "Run As Administrator" in Windows but it is nowhere near root privileges.

man sudo

Open in new window

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 83 total points
Comment Utility
No it is not... Linux uses FLAT user db... not schema based. Linux has group called root, sys, operator ...

can be checked under /etc/group

TY/SA
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 84 total points
Comment Utility
Mazdajai is incorrect.

As stu215 mentioned, if you have your sudo account set to run as full root, you are fully root.  Accounts can be set with limited privileges if you want.

Without sudo, you have root (admin) and non-root (users) accounts and groups to differentiate permissions as Sandy mentioned.  It's same same as how groups works in Windows.
0
 

Author Comment

by:jskfan
Comment Utility
in windows you have Administrator at  the domain level (Domain Admin)
you have Administrator on the local server only.
you have power users and you have just regular users that cannot download or execute certain commands.


in Linux you have Root at the domain level , assuming we are using LDAP) and there is Root user on each server, I am not sure about the equivalent of powers users, account operators, print operators, backup operators, etc... in Linux.

it sounds like in Linux you can be either Root or regular user nothing in between...
0
 
LVL 21

Accepted Solution

by:
Mazdajai earned 167 total points
Comment Utility
...Without sudo, you have root (admin) and non-root (users) accounts and groups to differentiate permissions as Sandy mentioned.  It's same same as how groups works in Windows.

Incorrect and disagree are two different terms. I will never say the groups works the same in  Windows vs Linux.

You can assign user rights to restart the server in Linux (not shutdown) but you can't in Windows. Why?

Group is merely a container in Linux, you can use username and never touch /etc/group in sudoer. (Bad practice but doable) On the other hand, Domain Admin and Schema Admin are predefined groups that cannot be substituted. Why?

Because they are fundamental two different type of operating systems. Linux design secure in mind whereas Windows design to be ease of use.
0
 

Author Closing Comment

by:jskfan
Comment Utility
Thank you
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

After running Ubuntu some time, you will be asked to download updates for fixing bugs and security updates. All the packages you download replace the previous ones, except for the kernel, also called "linux-image". This is due to the fact that w…
In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now