https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910023#M107079 Hi,<BR /><BR />I would like to create a user who should be able to control all others user's home directories should be able to create/delete/modify contents of the other user's files/directories. How can I accomplish this??. But, that user should not have any special privileges on other directories than /home.<BR /><BR />Pl. help.<BR /><BR />Thanks<BR />Karthik Fri, 21 Feb 2003 05:38:03 GMT Karthik S S 2003-02-21T05:38:03Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910023#M107079 Hi,<BR /><BR />I would like to create a user who should be able to control all others user's home directories should be able to create/delete/modify contents of the other user's files/directories. How can I accomplish this??. But, that user should not have any special privileges on other directories than /home.<BR /><BR />Pl. help.<BR /><BR />Thanks<BR />Karthik Fri, 21 Feb 2003 05:38:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910023#M107079 Karthik S S 2003-02-21T05:38:03Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910024#M107080 Hi Karthik,<BR /><BR />SUDO is ideal for you. It is easy to setup and install. You can get sudo from HP's porting site.<BR /><BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/</A><BR /><BR />More information including FAQ is available at<BR /><BR /><A href="http://www.courtesan.com" target="_blank">http://www.courtesan.com</A><BR /><BR />You will have to manipulate sudoers configuration file to achieve what you need.<BR /><BR />-Sri<BR /> Fri, 21 Feb 2003 05:43:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910024#M107080 Sridhar Bhaskarla 2003-02-21T05:43:54Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910025#M107081 You can use sudo(Superuser do) utility.<BR /><BR />With this you can give waht commands a user can run. Fri, 21 Feb 2003 05:46:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910025#M107081 RAC_1 2003-02-21T05:46:09Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910026#M107082 Create any user and give him restricted SAM access. Give him only user administration and dont give anything else.<BR /><BR />then he can delete, add and modify users Fri, 21 Feb 2003 05:49:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910026#M107082 Rajeev Shukla 2003-02-21T05:49:45Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910027#M107083 Another thing I would suggested is <BR />having a restricted SAM account.<BR />Do a sam -r from root<BR /><BR />#sam -r<BR /><BR />Give the requied file access permissions to the user you are planning to.<BR /><BR />Thanks Fri, 21 Feb 2003 05:50:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910027#M107083 T G Manikandan 2003-02-21T05:50:21Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910028#M107084 Hi karthik,<BR /><BR />sudo is the best suit for this operation as said by Sri Fri, 21 Feb 2003 05:51:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910028#M107084 Ravi_8 2003-02-21T05:51:18Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910029#M107085 You will need to set up sudo, as suggested. You could make changes to the directory permissions and create a group that controls it with permissions of 775. <BR /><BR />you can't really use a restricted 'sam' as it is captive. You won't be able to modify directory/file conetents from there. Fri, 21 Feb 2003 07:37:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910029#M107085 Michael Tully 2003-02-21T07:37:37Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910030#M107086 Also there would be other way like using ACL's<BR />If you have JFS3.3 version then you can use them.<BR /><BR />MOst prefer sudo,then that should be the right choice.<BR /><BR /><BR />Thanks Fri, 21 Feb 2003 07:44:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910030#M107086 T G Manikandan 2003-02-21T07:44:05Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910031#M107087 I'm not sure about sudo. How can u accomplish access to all homedir-files and no other files ? Fri, 21 Feb 2003 08:23:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910031#M107087 Systeemingenieurs Infoc 2003-02-21T08:23:32Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910032#M107088 Yeah .. I agree with you. Could any one suggest me how do I set the user and command alias to accomplish the required task? (i.e. the user should have full access only on /home)..<BR /><BR />Thanks<BR />Karthik Fri, 21 Feb 2003 11:53:33 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910032#M107088 Karthik S S 2003-02-21T11:53:33Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910033#M107089 I agree, Karthik. Sudo, in this case is "nodo". It won't accomplish what you want. Michael's suggestion about creating a controlling group that would have access to /home/* would seem to be the most likely solution.<BR /><BR />Pete Fri, 21 Feb 2003 11:59:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910033#M107089 Pete Randall 2003-02-21T11:59:00Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910034#M107090 Hi,<BR /><BR />But even if I create a group with 775 permissions for /home/* if a user creates a file with 077 permission then that group owner cant do anything about it right??. I am more confused now :-( <BR /><BR />Pl. help<BR /><BR />Thanks<BR />Karthik Fri, 21 Feb 2003 12:19:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910034#M107090 Karthik S S 2003-02-21T12:19:14Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910035#M107091 Sorry, Karthik, I mis-read Michael's post. He's suggesting a combination of sudo and group permissions and I'm not sure quite how that would work.<BR /><BR />I'm as confused as you now.<BR /><BR />Pete Fri, 21 Feb 2003 12:22:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910035#M107091 Pete Randall 2003-02-21T12:22:55Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910036#M107092 Hi <BR /><BR />I found some workaround for this task. i.e giving a particular user the "su" access to login as other user save root.<BR /><BR />Host_Alias SERVERS=host1<BR /><BR />suhome SERVERS=/bin/su ?*,!/bin/su root,!/bin/su - root<BR /><BR />The user suhome will be able to login as any other user in the system but not as root. But this still may have some security risk. Could anyone suggest me if there are some other ways to do it??<BR /><BR />Thanks<BR />Karthik Fri, 21 Feb 2003 13:17:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910036#M107092 Karthik S S 2003-02-21T13:17:03Z https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910037#M107093 I see 2 solutions :<BR /><BR />1. write scripts for every functionality u want to give tot the admin : create dir, rempove dir, ... (no vi plz). Then let him execute the scripts via sudo.<BR /><BR />2. use samba : create a service for /home and allow you admin to map it on his windoz. He'll be able to mess around with the files at will. 1 thing : do a "force user=root" (i hope that's a good idea, but at first sight it is). Fri, 21 Feb 2003 13:27:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/user-creation/m-p/2910037#M107093 Systeemingenieurs Infoc 2003-02-21T13:27:22Z