Operating System - Linux
1827855 Members
2705 Online
109969 Solutions
New Discussion

Re: how to make an ordinary user, the SysAdmin

 
SOLVED
Go to solution
Maaz
Valued Contributor

how to make an ordinary user, the SysAdmin

Hello Dear Gurus,

plz help... how can I assign all Administrative Rights to a normal/ordinary user, i.e what Shoud I have to do in order to make a normal user Administrator of the System. I have to assign all admin power to a user named 'marshal', and I m the root user of the system.
In windows 2K, its so simple, we simple add that normal user to Administrators Group, then that normal user automatically becomes the Most Powerful user of the System.

Peace,
Maaz
12 REPLIES 12
Olivier Drouin
Trusted Contributor
Solution

Re: how to make an ordinary user, the SysAdmin

vi /etc/sudoers
#Add this line:
%wheel ALL=/usr/bin/su - root

vi /etc/groups
#Add the user the group "wheel"

and then the user can:

$ sudo su - root

and then he enters his passwd.
Voila! he's root.

Or more simple than that: give him the root passwd.
Mogens Kjaer
Frequent Advisor

Re: how to make an ordinary user, the SysAdmin

On a RedHat/Fedora system, you can add the user
to the wheel group:

Modify /etc/group and change the wheel line:

wheel:x:10:root,marshal

And edit /etc/pam.d/su and remove the hash
mark from the line:

auth sufficient /lib/security/$ISA/pam_wheel.so trust use_uid

Then the user can have root privileges just
by giving the command "su", without a password.
Mark Grant
Honored Contributor

Re: how to make an ordinary user, the SysAdmin

Alternatively, you may as well just assign the user ID 0.

I'm not saying you should do this though, because as soon as you give a user the kind of rights you want to, it doesn't matter how you do it, your security, logging and everything no longer means much at all. You may as well just give them the root password as mentioned above.

Having said all this, you might want to investigate "capabilities".
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/capfaq-0.2.txt

This allow fine grained control of permissions. For example, a user can have root access only for the period that they are doing a "mount". The rights are dropped immediately afterwards. This allows you to give a user much the same rigthts as root but without giving them the ability to alter "sudo" configurations and log files etc etc

Never preceed any demonstration with anything more predictive than "watch this"
Maaz
Valued Contributor

Re: how to make an ordinary user, the SysAdmin

so sorry for replying too late.
and Maany Thanks for the invaluable support

One More Question Gurus....

In windows, there is a group called Backup Operators, if a user belongs to Backup Operator, then he/she can take backup of any files/folders, even he/she can take backup of those files/folder on which he/she dont have even the read permission.

In Linux, What should I have to do, if I want to assign Backup Rights to an ordinary user, so that he/she can take backup of any files and folder under /home/.

Once again Many Thanks Olivier Drouin, Mogens Kjaer, and Mark Grant, for ur kind responses.

Peace

Maaz
Maaz
Valued Contributor

Re: how to make an ordinary user, the SysAdmin

plz help asap

Thanks in adv
Peace
Maaz
Maaz
Valued Contributor

Re: how to make an ordinary user, the SysAdmin

I think I should explain my need/question.
There is an ordinary(noon-root), user named marshal, to whome I(root), just want to give the right to take Backup of any files/folder under /home/. so that I would be free from taking Backup of every user's Home Diectory.
In other words what should I do, so that marshal becomes just Backup Admin, but not the System Admin.

Many Thanks

Peace
Maaz
Jerome Henry
Honored Contributor

Re: how to make an ordinary user, the SysAdmin

Hi,

I would set up a backup utilisty like amanda or mondo, and grant mondo user a password, that would be given to your backup operator...
http://www.microwerks.net/~hugo/

But why don't you use a cron job just to automate backup ? No need to grant privilege, no need to remember to ask if backup's been done, easy setup...
You can lean only on what resists you...
Francisco J. Soler
Honored Contributor

Re: how to make an ordinary user, the SysAdmin

Hi Maaz,

I think it is no possible to read files for an ordinary user if it have not read permissions.

Your best choice is the Jerome answer, this is install a backup software and set permissions only to a virtual user and/or manage backups through cron jobs.

Frank
Linux?. Yes, of course.
Olivier Drouin
Trusted Contributor

Re: how to make an ordinary user, the SysAdmin

sudo can also do this...

man sudo
man sudoers

just choose a backup program ( like 'dump' ) and assign the rights to execute it as root to your user.
Maaz
Valued Contributor

Re: how to make an ordinary user, the SysAdmin

Thanks Jerome Henry for the support. Infact here we are not using Amanda or mondo. We are using tar. Yes ur idea is good that is I can also set cron to take backups, but as u know that backup requirement are frequently changed, sometimes the whole /home backup is needed, but sometimes only the backup of /home/jasica/ is needed.
Francisco Soler, many thanks for ur response.

Olivier Drouin, Once again many thanks for ur kind support. Olivier Drouin, could u please write me the exact syntax /etc/sudoers, I m using tar.

Many Thanks

Maaz
Maaz
Valued Contributor

Re: how to make an ordinary user, the SysAdmin

Olivier Drouin, could u please write me the exact syntax /etc/sudoers, I m using tar.

Many Thanks

Maaz
Saravana Kumar_2
New Member

Re: how to make an ordinary user, the SysAdmin


Infact here we are not using Amanda or mondo. We are using tar. Yes ur idea is good that is I can also set cron to take backups, but as u know that backup requirement are frequently changed, sometimes the whole /home backup is needed, but sometimes only the backup of /home/jasica/ is needed.


Maaz,

how many such users u have like this.
Plan:
What are all the directories u have to backup.
Frequency of the backup.

By this you will get an idea which to backup & when. There are options in tar for incremental backups. I use tar too. Once in a week a full backup and incremental backup on week days would be a ideal choice.

HTH,
SK