Mailinglist Archive: opensuse (3666 mails)

< Previous Next >
Re: [SLE] root access to user
  • From: Darryl Gregorash <raven@xxxxxxxxxxxxx>
  • Date: Thu, 03 Mar 2005 19:39:26 -0600
  • Message-id: <4227BC4E.4070503@xxxxxxxxxxxxx>


it clown wrote:

Hi All,

How would you give root access to another user on a suse
box?

sudo

You can set it up so users have limited access, just to a few specific commands, without them having to have the root password. You can give trusted users global root access, with or without the root password. It's all in 'man sudo' and 'man sudoers' (the second of these tells you how to configure the /etc/sudoers file). Personally, I would not add anyone to the root group because it opens the system to damage if there is a security compromise, but sudo really isn't much better, if you allow anyone to have global access without the root password. You're just limiting your exposure by limiting who has access and how they can obtain it.


If you joined the linux box to a w2k domain. How would you
give the administrator user root access on the linux box?

You can do all this in Samba, but unless you are using at least one of SSL authentication and encrypted passwords in your domain, I would not use Samba at all (I have a pathological hatred of anything to do with NetBIOS, and I will not apologize to anyone for it :-) ). Just map "root = admin administrator" in your Samba username map file. For this to work, the root password on the Linux box probably will have to be the same as the administrator's domain password.

If you are not using either SSL or password encryption, then set up ssh -- do NOT allow root logins -- add a user for that admin, and give him the root password so he can 'su -' to a root login shell.


< Previous Next >
References