Re: howto delegate user administration to non-root account?
Paul Johnson wrote:
<#secure method=pgp mode=sign>
-----BEGIN PGP SIGNED MESSAGE-----
Gebhardt Thomas <email@example.com> writes:
it is possible to delegate the adding and removing of users to a
non-root account without getting too much security hassle?
(no alteration of system accounts possible, ...)
If so, is there an easy established/preferred/canonical way to do this?
I believe sudo is probably what you're looking for. Other people
might be able to speak up about specific configurations needed to
facilitate limiting user ability to just adduser/deluser.
I already explained that doesn't work.
You can probably make a wrapper to make it safe, but allowing anyone the
untramelled ability to create/change/delete accounts gives them the keys
to the kingdom.
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/