Ubuntu users privileges

Ubuntu users privileges

I wonder if it is possible to create a user account in ubuntu that is able to reboot the server and another account that is not able to reboot.

Thanks
jskfanAsked:
Who is Participating?
 
serialbandConnect With a Mentor Commented:
Since this is ubuntu, you just need to add the user to the group wheel to give the user sudo ability to run root commands, or become root.  The initial user you've created should be in the group already.  The root password is disabled by default on ubuntu systems.

If you just want to limit the account's root abilities to just the reboot command, edit /etc/sudoers with visudo to add the account that you want to allow to reboot the system.  The changing of the groups that others have given above is old school unix/linux.  /etc/sudoers gives you a bit more power to configure restricted accounts more easily.

Add this to your /etc/sudoers with visudo, if you only want the account to just run reboot.
USER_ACCOUNT_NAME ALL=(root) /usr/bin/reboot

Open in new window


Here's a link to some examples of how to configure sudo.
http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
0
 
Naranthiran DConnect With a Mentor Commented:
You can block the user in Linux by executing a command for example reboot.

First create a group
# groupadd groupname

Add the user you want to disable running the command
# usermod -aG groupName userName

Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

# chmod 700 /usr/bin/reboot

 As the result the users in the group and other user will not be able to use the command reboot.
0
 
jskfanAuthor Commented:
First create a group
# groupadd groupname
This is clear

Add the user you want to disable running the command
# usermod -aG groupName userName
I guess this will add user to the specified group


Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

I believe This specifies which command we are going to give permissions on


# chmod 700 /usr/bin/reboot

I am not sure about this , though 700 means R/W for owner, nothing for Group and nothing for other users.


can you elaborate on the commands above please?
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
SandyCommented:
he is removing SETUID from this command see the current permissions.. u got to know

TY/SA
0
 
jskfanAuthor Commented:
Any one to elaborate on this question ?
0
 
jskfanAuthor Commented:
NARANTHIRAN

Can you please elaborate on this question.
0
 
Naranthiran DConnect With a Mentor Commented:
Hi jskfan,

# chmod 700 /usr/bin/reboot

As u said the root user only has read-write-execute permission were has other users do not
have to the directory /usr/bin/reboot .
Once the users from the group or others use the reboot command they will get a message
"permission Denied"

Please let me know for feature Clarification ....
0
 
jskfanAuthor Commented:
Thank you Guys!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.