?
Solved

Ubuntu users privileges

Posted on 2014-02-11
9
Medium Priority
?
533 Views
Last Modified: 2014-02-16
Ubuntu users privileges

I wonder if it is possible to create a user account in ubuntu that is able to reboot the server and another account that is not able to reboot.

Thanks
0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 664 total points
ID: 39852529
You can block the user in Linux by executing a command for example reboot.

First create a group
# groupadd groupname

Add the user you want to disable running the command
# usermod -aG groupName userName

Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

# chmod 700 /usr/bin/reboot

 As the result the users in the group and other user will not be able to use the command reboot.
0
 

Author Comment

by:jskfan
ID: 39853962
First create a group
# groupadd groupname
This is clear

Add the user you want to disable running the command
# usermod -aG groupName userName
I guess this will add user to the specified group


Change the group of the directory for example i am disabling the reboot command for user

#chgrp groupname /usr/bin/reboot

I believe This specifies which command we are going to give permissions on


# chmod 700 /usr/bin/reboot

I am not sure about this , though 700 means R/W for owner, nothing for Group and nothing for other users.


can you elaborate on the commands above please?
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39853967
he is removing SETUID from this command see the current permissions.. u got to know

TY/SA
0
Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

 

Author Comment

by:jskfan
ID: 39854628
Any one to elaborate on this question ?
0
 

Author Comment

by:jskfan
ID: 39855045
NARANTHIRAN

Can you please elaborate on this question.
0
 
LVL 5

Assisted Solution

by:NARANTHIRAN
NARANTHIRAN earned 664 total points
ID: 39855307
Hi jskfan,

# chmod 700 /usr/bin/reboot

As u said the root user only has read-write-execute permission were has other users do not
have to the directory /usr/bin/reboot .
Once the users from the group or others use the reboot command they will get a message
"permission Denied"

Please let me know for feature Clarification ....
0
 
LVL 30

Accepted Solution

by:
serialband earned 1336 total points
ID: 39857882
Since this is ubuntu, you just need to add the user to the group wheel to give the user sudo ability to run root commands, or become root.  The initial user you've created should be in the group already.  The root password is disabled by default on ubuntu systems.

If you just want to limit the account's root abilities to just the reboot command, edit /etc/sudoers with visudo to add the account that you want to allow to reboot the system.  The changing of the groups that others have given above is old school unix/linux.  /etc/sudoers gives you a bit more power to configure restricted accounts more easily.

Add this to your /etc/sudoers with visudo, if you only want the account to just run reboot.
USER_ACCOUNT_NAME ALL=(root) /usr/bin/reboot

Open in new window


Here's a link to some examples of how to configure sudo.
http://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
0
 

Author Comment

by:jskfan
ID: 39863101
Thank you Guys!
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month9 days, 6 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question