?
Solved

Ubuntu users privileges

Posted on 2014-02-11
9
Medium Priority
?
537 Views
Last Modified: 2014-02-16
Ubuntu users privileges

I wonder if it is possible to create a user account in ubuntu that is able to reboot the server and another account that is not able to reboot.

Thanks
0
Comment
Question by:jskfan
8 Comments
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 664 total points
ID: 39852529
You can block the user in Linux by executing a command for example reboot.

First create a group
# groupadd groupname

Add the user you want to disable running the command
# usermod -aG groupName userName

Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

# chmod 700 /usr/bin/reboot

 As the result the users in the group and other user will not be able to use the command reboot.
0
 

Author Comment

by:jskfan
ID: 39853962
First create a group
# groupadd groupname
This is clear

Add the user you want to disable running the command
# usermod -aG groupName userName
I guess this will add user to the specified group


Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

I believe This specifies which command we are going to give permissions on


# chmod 700 /usr/bin/reboot

I am not sure about this , though 700 means R/W for owner, nothing for Group and nothing for other users.


can you elaborate on the commands above please?
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39853967
he is removing SETUID from this command see the current permissions.. u got to know

TY/SA
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jskfan
ID: 39854628
Any one to elaborate on this question ?
0
 

Author Comment

by:jskfan
ID: 39855045
NARANTHIRAN

Can you please elaborate on this question.
0
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 664 total points
ID: 39855307
Hi jskfan,

# chmod 700 /usr/bin/reboot

As u said the root user only has read-write-execute permission were has other users do not
have to the directory /usr/bin/reboot .
Once the users from the group or others use the reboot command they will get a message
"permission Denied"

Please let me know for feature Clarification ....
0
 
LVL 31

Accepted Solution

by:
serialband earned 1336 total points
ID: 39857882
Since this is ubuntu, you just need to add the user to the group wheel to give the user sudo ability to run root commands, or become root.  The initial user you've created should be in the group already.  The root password is disabled by default on ubuntu systems.

If you just want to limit the account's root abilities to just the reboot command, edit /etc/sudoers with visudo to add the account that you want to allow to reboot the system.  The changing of the groups that others have given above is old school unix/linux.  /etc/sudoers gives you a bit more power to configure restricted accounts more easily.

Add this to your /etc/sudoers with visudo, if you only want the account to just run reboot.
USER_ACCOUNT_NAME ALL=(root) /usr/bin/reboot

Open in new window


Here's a link to some examples of how to configure sudo.
http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
0
 

Author Comment

by:jskfan
ID: 39863101
Thank you Guys!
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month16 days, 19 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question