Re: Admin for E-MAIL users only
On Thu, 4 Jul 2002 13:26, Fraser Campbell wrote:
> On Thu, 2002-07-04 at 12:55, rj wrote:
> > What is the best way to delegate some root privileges for a user
> > which could only create e-mail accounts and make newaliases?
>
> sudo. We write a couple of wrapper scripts around adduser (it does a
> few other things as well) and allow access to it through sudo.
>
> An even better (or at least potentially easier) method is to put the users in
> a database or LDAP. Most MTAs and Linux itself support lookups of
> aliases and users in this fashion, wrapping a web interface around a db
> (and likely LDAP) isn't too hard.

Delegating administrative access to one tree of an LDAP directory is easy.
Preventing it from being used maliciously is another issue. A hostile user
could create a new LDAP entry with a UID of 0...

Of course you could get an email server and POP server that both use LDAP
only to store account details so there is never a Unix account, but that's
painful to set up.

Restricting someone who has UID=0 in a chroot environment from taking over
the rest of the machine is easy enough though...

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
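An added example, not part of the original message: a small audit over an LDIF export that flags the kind of entry the reply warns about (a delegated admin creating an account with UID 0), and goes slightly further by also flagging login shells and reused uidNumbers. The subtree name, UID floor and allowed shells are assumptions, and the sample LDIF is constructed.

```python
MIN_UID = 1000                                 # assumed floor for mail-only accounts
SUFFIX = "ou=mail,dc=example,dc=org"           # assumed delegated subtree
NOLOGIN = {"/bin/false", "/usr/sbin/nologin"}  # assumed shells for mail-only users
# Constructed sample export (plain-text values only, no base64 "::" lines).
SAMPLE_LDIF = """\
dn: uid=alice,ou=mail,dc=example,dc=org
uidNumber: 2001
loginShell: /bin/false

dn: uid=toor,ou=mail,dc=example,dc=org
uidNumber: 0
loginShell: /bin/sh

dn: uid=bob,ou=mail,dc=example,dc=org
uidNumber: 2001
loginShell: /bin/false
"""

def parse_ldif(text):
    """Yield one dict per entry: lowercased attribute name -> list of values."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.replace("\n ", "").splitlines():  # unfold continuations
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit(text):
    """Return (dn, problem) pairs for risky account entries under SUFFIX."""
    findings, seen = [], {}
    for e in parse_ldif(text):
        dn = e.get("dn", [""])[0]
        if not dn.lower().endswith(SUFFIX) or "uidnumber" not in e:
            continue
        uid = int(e["uidnumber"][0])
        shell = e.get("loginshell", [""])[0]
        if uid < MIN_UID:
            findings.append((dn, f"uidNumber {uid} is below {MIN_UID}"))
        if shell not in NOLOGIN:
            findings.append((dn, f"loginShell {shell!r} allows login"))
        if uid in seen:
            findings.append((dn, f"uidNumber {uid} already used by {seen[uid]}"))
        seen.setdefault(uid, dn)
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LDIF), sep="\n")
```

An audit like this only detects bad entries after the fact; enforcing the same limits in the directory's access controls or in the web front end is what prevents them.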