Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
RE: [SLE] root access to user
  • From: "Chiu, PCM (Peter)" <P.C.M.Chiu@xxxxxxxx>
  • Date: Fri, 4 Mar 2005 09:52:06 -0000
  • Message-id: <EB861CD59F6DAA4BBC25EAE9987C5BC9AA651B@xxxxxxxxxxxxxxxxxxxxxxxxxx>

Can I pick on one thing about giving root access to users.

Quite often a user requires to customise his workstation settings,
like display, mouse configuration or print queues etc.

But in doing so, the user will be prompted for the root password.
That is even the case when the user has been given full access with
visudo.

What will you do to get round this?

-----Original Message-----
From: Darryl Gregorash [mailto:raven@xxxxxxxxxxxxx]
Sent: 04 March 2005 01:39
To: suse-linux-e@xxxxxxxx
Subject: Re: [SLE] root access to user




it clown wrote:

>Hi All,
>
>How would you give root access to another user on a suse
>box?
>
sudo

You can set it up so users have limited access, just to a few specific
commands, without them having to have the root password. You can give
trusted users global root access, with or without the root password.
It's all in 'man sudo' and 'man sudoers' (the second of these tells you
how to configure the /etc/sudoers file). Personally, I would not add
anyone to the root group because it opens the system to damage if there
is a security compromise, but sudo really isn't much better, if you
allow anyone to have global access without the root password. You're
just limiting your exposure by limiting who has access and how they can
obtain it.

>
>If you joined the linux box to a w2k domain. How would you give the
>administrator user root access on the linux box?
>
You can do all this in Samba, but unless you are using at least one of
SSL authentication and encrypted passwords in your domain, I would not
use Samba at all (I have a pathological hatred of anything to do with
NetBIOS, and I will not apologize to anyone for it :-) ). Just map
"root = admin administrator" in your Samba username map file. For this
to work, the root password on the Linux box probably will have to be the

same as the administrator's domain password.

If you are not using either SSL or password encryption, then set up ssh
-- do NOT allow root logins -- add a user for that admin, and give him
the root password so he can 'su -' to a root login shell.


--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx Also
check the archives at http://lists.suse.com Please read the FAQs:
suse-linux-e-faq@xxxxxxxx



< Previous Next >
Follow Ups