[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Ubuntu users privileges

Posted on 2014-02-11
9
Medium Priority
?
535 Views
Last Modified: 2014-02-16
Ubuntu users privileges

I wonder if it is possible to create a user account in ubuntu that is able to reboot the server and another account that is not able to reboot.

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 664 total points
ID: 39852529
You can block the user in Linux by executing a command for example reboot.

First create a group
# groupadd groupname

Add the user you want to disable running the command
# usermod -aG groupName userName

Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

# chmod 700 /usr/bin/reboot

 As the result the users in the group and other user will not be able to use the command reboot.
0
 

Author Comment

by:jskfan
ID: 39853962
First create a group
# groupadd groupname
This is clear

Add the user you want to disable running the command
# usermod -aG groupName userName
I guess this will add user to the specified group


Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

I believe This specifies which command we are going to give permissions on


# chmod 700 /usr/bin/reboot

I am not sure about this , though 700 means R/W for owner, nothing for Group and nothing for other users.


can you elaborate on the commands above please?
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39853967
he is removing SETUID from this command see the current permissions.. u got to know

TY/SA
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 

Author Comment

by:jskfan
ID: 39854628
Any one to elaborate on this question ?
0
 

Author Comment

by:jskfan
ID: 39855045
NARANTHIRAN

Can you please elaborate on this question.
0
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 664 total points
ID: 39855307
Hi jskfan,

# chmod 700 /usr/bin/reboot

As u said the root user only has read-write-execute permission were has other users do not
have to the directory /usr/bin/reboot .
Once the users from the group or others use the reboot command they will get a message
"permission Denied"

Please let me know for feature Clarification ....
0
 
LVL 30

Accepted Solution

by:
serialband earned 1336 total points
ID: 39857882
Since this is ubuntu, you just need to add the user to the group wheel to give the user sudo ability to run root commands, or become root.  The initial user you've created should be in the group already.  The root password is disabled by default on ubuntu systems.

If you just want to limit the account's root abilities to just the reboot command, edit /etc/sudoers with visudo to add the account that you want to allow to reboot the system.  The changing of the groups that others have given above is old school unix/linux.  /etc/sudoers gives you a bit more power to configure restricted accounts more easily.

Add this to your /etc/sudoers with visudo, if you only want the account to just run reboot.
USER_ACCOUNT_NAME ALL=(root) /usr/bin/reboot

Open in new window


Here's a link to some examples of how to configure sudo.
http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
0
 

Author Comment

by:jskfan
ID: 39863101
Thank you Guys!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month13 days, 21 hours left to enroll

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question