Basically, Rodolfo, you cannot do what you want. In reality Linux has
exactly one root account with multiple doors into the account, each
with slightly different characteristics and names for login. But they
are all the same account, account 0. So you can create all the root
accounts you want with all the names you want but they are still "root".

Linux is not Windows. Nor can it easily be bent to act like Windows in
this regard. You MIGHT be able to pervert SELinux to achieve the effect
you want, since it is access list based. However, your level of
ignorance in this regard betrays itself in your asking how to do this.
It is basically bloody stupid to attempt to run the machine as a user
with too many privileges. The really easy ability to run programs as
root or log a terminal session in as root for performing "rootish"
tasks makes living as a root account rather silly. It also means
you must run "chkrootkit" several times a day to keep your system
clean. You also must run urpmi several times a day to stay absolutely
up to date on security patches. Or else keep it as a hobby machine with
absolutely nothing personal or critical on it. In spite of the touching
comments here about Linux being virus free it is not compromise free.
It just has a longer lifetime when the typical configuration is exposed
to the Internet, days rather than minutes. Within a year it would not
really be your machine anymore even though you'd be paying the electric
bill to keep it running for its owner.

{^_^}
----- Original Message ----- 
From: <[EMAIL PROTECTED]>

Thanks Todd, thanks Richard:

Todd wrote:

>I really
>question the need to have your entire system group owned by a simple
>user. Sounds like a recipe for disaster to me. Better to su when you
>need to, or learn how to set up sudo.


Richard wrote:

>"Are you sure you know what you're
>doing?"
>
>To me this is highly dangerous from the point of view of system security
>and stability.
>
>What are you trying to achieve? There has to be a better way.


Todd, Richard:

if I only allow the group 'rodolfo' to read those directories
and not to modify them in any way, then I don't see the danger.
Anyhow, if the system tries so hard to oppose what I'm doing
it's quite clear that I'm trying to achieve what I want the wrong way.
What I wish to do though is quite simple.
'rodolfo' is a normal user, but Rodolfo (me) is also the superuser,
whereas say, 'alberto' is only a normal user.
Then I wish to adopt for alberto a security level 4, i.e. alberto
should not be able to see the '/' nor the '/home' directory
(although he should be able to see and use the /mnt directory)
and for rodolfo a security level 2, i.e. he should be able to see
(but not to modify) the '/' dir and its subdirs.
Now, the command 'chmod' as far as I know cannot diversify different
permissions to different users: if I do, e.g., 'chmod -r /',
this will prevent *all* users (not only alberto) from reading the '/' directory.
Even if I do 'chmod u-r /' or 'chmod g-r /' or 'chmod o-r /'
the problem remains unless I first change the ownership
of the dirs whose readability I want to attribute to rodolfo and not to
alberto.
That's why I did, under a security level 2:

# chgrp rodolfo /
# chgrp rodolfo /*
# chmod o-r /
# chmod o-r /*
# chmod o+rwx /mnt
# chmod g+rwx /mnt

; but, as we saw, the first two operations were not permanent.
Maybe you could suggest a better way to achieve this purpose?
Sorry if I was a little confusing, but the matter is not immediate to
explain.

Thanks,
Rodolfo
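
An added example, not part of either message: a small model of the classic owner/group/other check, applied to the chgrp/chmod commands above and to the point that every UID 0 name is the same account. The passwd lines, the login name 'toor', the UIDs 501/502 and the starting mode 0755 are constructed assumptions.

```python
# Constructed passwd content (assumption): 'toor' is a second name for UID 0.
PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second door:/root:/bin/bash
rodolfo:x:501:501::/home/rodolfo:/bin/bash
alberto:x:502:502::/home/alberto:/bin/bash
"""
R, W, X = 4, 2, 1  # rwx bits within one permission class

def uid_zero_names(passwd_text):
    """Return every login name that maps to UID 0 (all are the same account)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0":
            names.append(fields[0])
    return names

def may_access(uid, gids, f_uid, f_gid, mode, want):
    """Classic Unix check: exactly one class (owner, group or other) applies."""
    if uid == 0:
        return True  # simplified: UID 0 bypasses the mode bits, whatever its name
    if uid == f_uid:
        bits = (mode >> 6) & 7      # owner class
    elif f_gid in gids:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # other class
    return bits & want == want

# "/" after 'chgrp rodolfo /' and 'chmod o-r /', assuming it started as 0755.
ROOT_DIR = dict(f_uid=0, f_gid=501, mode=0o751)
# "/mnt" after 'chgrp rodolfo /*', 'chmod o+rwx /mnt' and 'chmod g+rwx /mnt'.
MNT_DIR = dict(f_uid=0, f_gid=501, mode=0o777)

def report():
    """Evaluate what each constructed user may do on the two directories."""
    users = {"rodolfo": (501, {501}), "alberto": (502, {502}), "toor": (0, {0})}
    out = {}
    for name, (uid, gids) in users.items():
        out[name] = {
            "list /": may_access(uid, gids, want=R, **ROOT_DIR),
            "traverse /": may_access(uid, gids, want=X, **ROOT_DIR),
            "write /": may_access(uid, gids, want=W, **ROOT_DIR),
            "write /mnt": may_access(uid, gids, want=W, **MNT_DIR),
        }
    return out

if __name__ == "__main__":
    print("UID 0 names:", uid_zero_names(PASSWD))
    for user, result in report().items():
        print(user, result)
```

In this model alberto loses the ability to list '/' but can still traverse it, because 'chmod o-r' leaves the execute bit for others in place.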






> ____________________________________________________
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
> Join the Club : http://www.mandrakeclub.com
> ____________________________________________________
>


