[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: howto delegate user administration to non-root account?

Paul Johnson wrote:

<#secure method=pgp mode=sign>
Hash: SHA1

Gebhardt Thomas <gebhardt@hrz.uni-marburg.de> writes:

it is possible to delegate the adding and removing of users to a
non-root account without getting too much security hassle?
(no alteration of system accounts possible, ...)


If so, is there an easy established/preferred/canonical way to do this?

I believe sudo is probably what you're looking for.  Other people
might be able to speak up about specific configurations needed to
facilitate limiting user ability to just adduser/deluser.

I already explained that doesn't work.

You can probably make a wrapper to make it safe, but allowing anyone the untramelled ability to create/change/delete accounts gives them the keys to the kingdom.



-- spambait
1aaaaaaa@computerdatasafe.com.au  Z1aaaaaaa@computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

Reply to: