Prev: xml diff and patch in shell script:
Next: Produce a human-readable report from /etc/sudoers
From: Matthew Lincoln on 23 Apr 2008 07:51
I want to create a new user who should have (almost) the same privileges as root.
Is there a (pre-defined) group which has more privileges than "other" but less
the "root's" group? I need this for the user add command and the " -g " option.

If there is no such group I am willing to create a second co-root:

What is the group to which "root" belong?

Thank you
Matthew
From: Robert Heller on 23 Apr 2008 08:30
At 23 Apr 2008 11:51:31 GMT kmlincoln100(a)hotmail.com (Matthew Lincoln) wrote:

>
> I want to create a new user who should have (almost) the same privileges as root.
> Is there a (pre-defined) group which has more privileges than "other" but less
> the "root's" group? I need this for the user add command and the " -g " option.
>
> If there is no such group I am willing to create a second co-root:
>
> What is the group to which "root" belong?

You should not be doing this.

Use sudo. Visit

http://www.deepsoft.com/Articles/Showarticle.tcl?Source=http://www.deepsoft.com/Articles/2/Article-2.ahtml

For a more in-depth discussion.

>
> Thank you
> Matthew
>

--
Robert Heller -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
heller(a)deepsoft.com -- Contract Programming: C/C++, Tcl/Tk

From: Todd H. on 23 Apr 2008 09:22
kmlincoln100(a)hotmail.com (Matthew Lincoln) writes:

> I want to create a new user who should have (almost) the same privileges as root.
> Is there a (pre-defined) group which has more privileges than "other" but less
> the "root's" group? I need this for the user add command and the "
> -g " option.

In ubuntu Linux anyway (it's what I have handy right now), root's
primary group is group 0, which maps to group root:

$ grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash

$ grep :0: /etc/group
root:x:0:

But:
o Your milage may vary based on flavor of *nix and maybe Linux
distribution
o and this probably isn't the best tree to be barking up to solve
your problem.

However:
putting the user in group admin and using sudo will probably
be what you want.

> If there is no such group I am willing to create a second co-root:
>
> What is the group to which "root" belong?

As another poster stated, you're trying to reinvent a wheel that's
been very well invented.

sudo is the right way to handle this and is quick to set up.

In Ubuntu anyway, if you put the user account you want to be "co root"
into the admin group, by default, /etc/sudoers is configured to allow
that individual to execute any command as root simply by prepending
the command with "sudo". sudo will prompt for that user's password
for verification, then will execute the command as root.

# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults

Defaults !lecture,tty_tickets,!fqdn

# User privilege specification
root ALL=(ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL


Best Regards,
--
Todd H.
http://www.toddh.net/
From: Lew Pitcher on 23 Apr 2008 09:56
In comp.os.linux.misc, Matthew Lincoln wrote:

> I want to create a new user who should have (almost) the same privileges
> as root. Is there a (pre-defined) group which has more privileges than
> "other" but less the "root's" group? I need this for the user add command
> and the " -g " option.
>
> If there is no such group I am willing to create a second co-root:
>
> What is the group to which "root" belong?

The root user (UID 0) is not restricted to specific groups. While you /can/
add "root" to any number of groups in the /etc/groups list, it is not
necessary, as UID 0 is permitted by the OS to act as if it had membership
in any group already.

There's no way to "create a new user who should have (almost) the same
privileges as root". What you do instead is create a new user who has
no "root" privileges (because root is all-powerful by definition), and then
permit that new user to "become root" for the purposes of some operations.

This "become root" is implemented in the sudo(8) command ("man 8 sudo") and
the sudoers(5) file ("man 5 sudoers").

--
Lew Pitcher

Master Codewright & JOAT-in-training | Registered Linux User #112576
http://pitcher.digitalfreehold.ca/ | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------


 | 
Pages: 1
Prev: xml diff and patch in shell script:
Next: Produce a human-readable report from /etc/sudoers