Solved

Ubuntu users privileges

Posted on 2014-02-11
9
518 Views
Last Modified: 2014-02-16
Ubuntu users privileges

I wonder if it is possible to create a user account in ubuntu that is able to reboot the server and another account that is not able to reboot.

Thanks
0
Comment
Question by:jskfan
9 Comments
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 166 total points
ID: 39852529
You can block the user in Linux by executing a command for example reboot.

First create a group
# groupadd groupname

Add the user you want to disable running the command
# usermod -aG groupName userName

Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

# chmod 700 /usr/bin/reboot

 As the result the users in the group and other user will not be able to use the command reboot.
0
 

Author Comment

by:jskfan
ID: 39853962
First create a group
# groupadd groupname
This is clear

Add the user you want to disable running the command
# usermod -aG groupName userName
I guess this will add user to the specified group


Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

I believe This specifies which command we are going to give permissions on


# chmod 700 /usr/bin/reboot

I am not sure about this , though 700 means R/W for owner, nothing for Group and nothing for other users.


can you elaborate on the commands above please?
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39853967
he is removing SETUID from this command see the current permissions.. u got to know

TY/SA
0
 

Author Comment

by:jskfan
ID: 39854628
Any one to elaborate on this question ?
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:jskfan
ID: 39855045
NARANTHIRAN

Can you please elaborate on this question.
0
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 166 total points
ID: 39855307
Hi jskfan,

# chmod 700 /usr/bin/reboot

As u said the root user only has read-write-execute permission were has other users do not
have to the directory /usr/bin/reboot .
Once the users from the group or others use the reboot command they will get a message
"permission Denied"

Please let me know for feature Clarification ....
0
 
LVL 27

Accepted Solution

by:
serialband earned 334 total points
ID: 39857882
Since this is ubuntu, you just need to add the user to the group wheel to give the user sudo ability to run root commands, or become root.  The initial user you've created should be in the group already.  The root password is disabled by default on ubuntu systems.

If you just want to limit the account's root abilities to just the reboot command, edit /etc/sudoers with visudo to add the account that you want to allow to reboot the system.  The changing of the groups that others have given above is old school unix/linux.  /etc/sudoers gives you a bit more power to configure restricted accounts more easily.

Add this to your /etc/sudoers with visudo, if you only want the account to just run reboot.
USER_ACCOUNT_NAME ALL=(root) /usr/bin/reboot

Open in new window


Here's a link to some examples of how to configure sudo.
http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
0
 

Author Comment

by:jskfan
ID: 39863101
Thank you Guys!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now