[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: howto delegate user administration to non-root account?

Paul Johnson wrote:


<#secure method=pgp mode=sign>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gebhardt Thomas <gebhardt@hrz.uni-marburg.de> writes:


it is possible to delegate the adding and removing of users to a
non-root account without getting too much security hassle?
(no alteration of system accounts possible, ...)


Yup.


If so, is there an easy established/preferred/canonical way to do this?


I believe sudo is probably what you're looking for.  Other people
might be able to speak up about specific configurations needed to
facilitate limiting user ability to just adduser/deluser.



I already explained that doesn't work.
You can probably make a wrapper to make it safe, but allowing anyone the untramelled ability to create/change/delete accounts gives them the keys to the kingdom. 


--

Cheers
John

-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
Reply to: