Re: Administrative rights for special task
On Wed, Jun 09, 2004 at 07:11:30PM +0200, Debian Users wrote:
> Dear List,
>
> I would like to give a regular user the rights to do the following on a
> Debian system:
>
> 1) Install a (secure) ldap server
> 2) Test the server
> 3) Fill in the address "data base" for this server
>
> Question: Does this user need full root privileges on this machine? Even
> though this is only a test machine, I would rather not have him the rights
> to change passwords and see users files.
>
> My hunch is, there is no other way but lending him full root access, but I
> would be delighted to hear your wisdom!
>
I don't know if it will give you the full limitations you want but it
sounds like sudo is your friend, it allows limiting users to specific
programs.
Another solution is to make the relevant program suid root (runs as
root), make it inaccessible to a regular user and executable to group
and then set a relevant group and add the user to it (chmod 04710
<prog>)
Third option is to run the server is a uml, then the user has root
privilege in the uml but no root access to the system.
> Regards, Stefan
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
> +++++++++++++++++++++++++++++++++++++++++++
> This Mail Was Scanned By Mail-seCure System
> at the Tel-Aviv University CC.
Reply to: