Re: howto delegate user administration to non-root account?

[Gebhardt Thomas <gebhardt@hrz.uni-marburg.de>]

On Thursday 09 September 2004 10:28, matt okeson-harlow wrote:

Hi,

> you could use the sudo command
>
> if it is not already installed:
>
> # apt-get install sudo
>
> read the man page for sudo to see how to setup what you are looking for

thank you!

I'm aware of sudo and I'd probably start with something like
"subadmin       ALL = /usr/sbin/adduser".

The problem with such homemade solutions to nontrivial security
related problems is that you will almost certainly open a security
loophole when you implement it the first time. You will not allow
a subadmin to modify/create accounts with uid < 1000, but does
that suffice? 

Since my problem seems not that uncommon to me, I was asking
for an established procedure that has already been "reviewed" and
found to be secure.

Cheers, Thomas