On Fri, 13 Dec 2002, Brian York wrote: > How can I setup users to have the same permissions and access to all > programs and files that root has? > I am one of 5 network admins and I don't want any of us to use root. > > Ownership of files can still be owned by each user but all 5 admins should > be able to wrx them.
You can create a new group then assign these file to that group. For example, the /sbin/ifconfig file has the following permissions: -rwxr-x--- 1 root root 48316 Oct 3 2000 /sbin/ifconfig rwx for owner r x for group none for other You can chgrp the file to, say, the wheel group then add the other admins to the wheel group. As for access to the programs, make sure that the /sbin and /usr/sbin directories are in the admin's PATH. If not, you'll get a "command not found" error when you type the commands at the shell. Access to these files won't automatically grant permissions to change privileged configurations however. There are things you can do to allow it, but it may be easier to enforce a policy that all admins must login with their own ID then su to root to make changes. This way the logfiles will leave an audit trail. There are also programs such as sudo that will allow non-privileged users to run restricted commands with su privileges. There's also a way to make a binary run as the owner of the file but this can be dangerous in many circumstances. I.e., if the program allows shell access or the ability to interact in any way with the filesystem, then the user can easily elevate their privileges.
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
