HPE Community
Operating System - HP-UX
1827727 Members
2792 Online
109968 Solutions
New Discussion

Re: User creation

 
SOLVED
Go to solution
Karthik S S
Honored Contributor

‎02-20-2003 09:38 PM

‎02-20-2003 09:38 PM

User creation

Hi,

I would like to create a user who should be able to control all others user's home directories should be able to create/delete/modify contents of the other user's files/directories. How can I accomplish this??. But, that user should not have any special privileges on other directories than /home.

Pl. help.

Thanks
Karthik
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn
0 Kudos
Reply
14 REPLIES 14
Sridhar Bhaskarla
Honored Contributor

‎02-20-2003 09:43 PM

‎02-20-2003 09:43 PM

Solution

Re: User creation

Hi Karthik,

SUDO is ideal for you. It is easy to setup and install. You can get sudo from HP's porting site.

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

More information including FAQ is available at

http://www.courtesan.com

You will have to manipulate sudoers configuration file to achieve what you need.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Reply
RAC_1
Honored Contributor

‎02-20-2003 09:46 PM

‎02-20-2003 09:46 PM

Re: User creation

You can use sudo(Superuser do) utility.

With this you can give waht commands a user can run.
There is no substitute to HARDWORK
0 Kudos
Reply
Rajeev Shukla
Honored Contributor

‎02-20-2003 09:49 PM

‎02-20-2003 09:49 PM

Re: User creation

Create any user and give him restricted SAM access. Give him only user administration and dont give anything else.

then he can delete, add and modify users
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎02-20-2003 09:50 PM

‎02-20-2003 09:50 PM

Re: User creation

Another thing I would suggested is
having a restricted SAM account.
Do a sam -r from root

#sam -r

Give the requied file access permissions to the user you are planning to.

Thanks
0 Kudos
Reply
Ravi_8
Honored Contributor

‎02-20-2003 09:51 PM

‎02-20-2003 09:51 PM

Re: User creation

Hi karthik,

sudo is the best suit for this operation as said by Sri
never give up
0 Kudos
Reply
Michael Tully
Honored Contributor

‎02-20-2003 11:37 PM

‎02-20-2003 11:37 PM

Re: User creation

You will need to set up sudo, as suggested. You could make changes to the directory permissions and create a group that controls it with permissions of 775.

you can't really use a restricted 'sam' as it is captive. You won't be able to modify directory/file conetents from there.
Anyone for a Mutiny ?
0 Kudos
Reply
T G Manikandan
Honored Contributor

‎02-20-2003 11:44 PM

‎02-20-2003 11:44 PM

Re: User creation

Also there would be other way like using ACL's
If you have JFS3.3 version then you can use them.

MOst prefer sudo,then that should be the right choice.


Thanks
0 Kudos
Reply
Systeemingenieurs Infoc
Valued Contributor

‎02-21-2003 12:23 AM

‎02-21-2003 12:23 AM

Re: User creation

I'm not sure about sudo. How can u accomplish access to all homedir-files and no other files ?
A Life ? Cool ! Where can I download one of those from ?
0 Kudos
Reply
Karthik S S
Honored Contributor

‎02-21-2003 03:53 AM

‎02-21-2003 03:53 AM

Re: User creation

Yeah .. I agree with you. Could any one suggest me how do I set the user and command alias to accomplish the required task? (i.e. the user should have full access only on /home)..

Thanks
Karthik
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎02-21-2003 03:59 AM

‎02-21-2003 03:59 AM

Re: User creation

I agree, Karthik. Sudo, in this case is "nodo". It won't accomplish what you want. Michael's suggestion about creating a controlling group that would have access to /home/* would seem to be the most likely solution.

Pete

Pete
0 Kudos
Reply
Karthik S S
Honored Contributor

‎02-21-2003 04:19 AM

‎02-21-2003 04:19 AM

Re: User creation

Hi,

But even if I create a group with 775 permissions for /home/* if a user creates a file with 077 permission then that group owner cant do anything about it right??. I am more confused now :-(

Pl. help

Thanks
Karthik
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎02-21-2003 04:22 AM

‎02-21-2003 04:22 AM

Re: User creation

Sorry, Karthik, I mis-read Michael's post. He's suggesting a combination of sudo and group permissions and I'm not sure quite how that would work.

I'm as confused as you now.

Pete

Pete
0 Kudos
Reply
Karthik S S
Honored Contributor

‎02-21-2003 05:17 AM

‎02-21-2003 05:17 AM

Re: User creation

Hi

I found some workaround for this task. i.e giving a particular user the "su" access to login as other user save root.

Host_Alias SERVERS=host1

suhome SERVERS=/bin/su ?*,!/bin/su root,!/bin/su - root

The user suhome will be able to login as any other user in the system but not as root. But this still may have some security risk. Could anyone suggest me if there are some other ways to do it??

Thanks
Karthik
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn
0 Kudos
Reply
Systeemingenieurs Infoc
Valued Contributor

‎02-21-2003 05:27 AM

‎02-21-2003 05:27 AM

Re: User creation

I see 2 solutions :

1. write scripts for every functionality u want to give tot the admin : create dir, rempove dir, ... (no vi plz). Then let him execute the scripts via sudo.

2. use samba : create a service for /home and allow you admin to map it on his windoz. He'll be able to mess around with the files at will. 1 thing : do a "force user=root" (i hope that's a good idea, but at first sight it is).
A Life ? Cool ! Where can I download one of those from ?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.