Re: Reg, User rights
Dear Team, This is subburaman from Bangalore, india.I have installed the FreeBSD6.2.Now i want to create a new User with Administrator rights.Please give me the guidelines for me. You can do one of four things. Create a user as per normal. Then, also add that userid to the wheel group. (Don't make wheel the user's primary group. Use a regular group for that. Just add their id in the /etc/group file to wheel. Then the user can log in to their regular account and if they need to do system level stuff, they would 'su' to a root account and do the operation. That would mean giving that user the password to a root account - either the main one or an additional one you make up. Create an additional root account for the user. For example, if the user has a regular id of fred, you might also create an Rfred. Make the UID and GID for that account each be '0'. You will want to make the home directory for that user be in the /root directory, for example, for a user Rfred, make the home directory /root/Rfred. Also put this id in the wheel group in /etc/group. I have run in to some routines that expect this even if the primary group is '0'. Set the password for that account and tell the user.One difficulty is that without loosening up access rules, the user will no be able to ssh in to the box with that account. So, make sure their regular account (fred) is also in the wheel group in /etc/group. They the user would initially log in as the regular user and su to the root account (su Rfred) as in the previous method. Install and set up sudo (/usr/ports/security/sudo) and create a configuration for that user so they can run specific commands that you specify and only those commands. This is a very good method, but sometimes it takes some careful thought to deal with the various commands and their possible arguments that you want to allow or disallow. Install a system management tool such as webmin (/usr/ports/sysutils/webmin) and configure it so the user can perform certain admin tasks. This is nice because it is web based and so it gives a nice GUI feel to it all. Overall, probably the third option (using sudo) is the best, especially if you are not completely trusting of the user you are giving priviledges to. If it is yourself and no one else, then the first method is probably best because it is simplest and most powerful. If really you like GUI interfaces and are willing to accept their limitations, that the forth one is best. The limitations consist of being dependant on only being able to do those things some developer already thought of doing and only in the ways that developer already thought of. Sort of like being stuck in an MS theme park. The second option is good for when you have a small number of users (max three or four) besides yourself, who are competent and absolutely trusted. It is as powerful as the first one, but lets you keep multiple root users somewhat separated. Note, when you create additional root users, eg users with a UID of '0', you must explicitely name their id on the passwd(1) command or else it will change the password for the main root id - or for the first root id it encounters in the /etc/passwd file. Note also, leave the real root as the first in the /etc/passwd file. jerry Thanks with regards Subburaman N ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Reg, User rights
Create a user as per normal. Then, also add that userid to the wheel group. (Don't make wheel the user's primary group. Use a regular group for that. Just add their id in the /etc/group file to wheel. I prefer to use pw groupmod -m username I believe that is the official way to do it. Laszlo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Reg, User rights
On Thu, Feb 22, 2007 at 03:33:50PM -0600, Jeffrey Goldberg wrote: On Feb 22, 2007, at 11:02 AM, Jerry McAllister wrote: Install and set up sudo (/usr/ports/security/sudo) and create a configuration for that user so they can run specific commands that you specify and only those commands. This is a very good method, but sometimes it takes some careful thought to deal with the various commands and their possible arguments that you want to allow or disallow. This is my choice. I haven't done a careful comparison of all of the methods you proposed, but I find this the most natural, particularly after using OS X for 5 years. This is what I do for myself (there are no other people with accounts on the particular machine.) In /etc/passwd I have a normal user and group that was setup during installation. A added that user to the wheel group in /etc/groups and configured /usr/local/etc/sudoers with the line %wheel ALL=(ALL) ALL This works just fine. Users in the wheel group can use sudo to execute things as root, but they only need their own passwords. Root's password is extremely good and basically never used, so it is stored away in some secure manner and doesn't exist in anybody's head. I like the idea of not having to give out a root-like password but still to require authentication when operating as root. Ever since I learned this trick from OS X, I've been using it everywhere I can install sudo. That is probably the best general solution if you want to give overall admin rights. But, often there is a reason to give only a limited set of root (admin) priviledges. Then the sudo config (sudoers) must be more complex and can get tricky if the limits are complicated. jerry -j -- Jeffrey Goldberghttp://www.goldmark.org/jeff/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Reg, User rights
On Feb 22, 2007, at 11:02 AM, Jerry McAllister wrote: Install and set up sudo (/usr/ports/security/sudo) and create a configuration for that user so they can run specific commands that you specify and only those commands. This is a very good method, but sometimes it takes some careful thought to deal with the various commands and their possible arguments that you want to allow or disallow. This is my choice. I haven't done a careful comparison of all of the methods you proposed, but I find this the most natural, particularly after using OS X for 5 years. This is what I do for myself (there are no other people with accounts on the particular machine.) In /etc/passwd I have a normal user and group that was setup during installation. A added that user to the wheel group in /etc/groups and configured /usr/local/etc/sudoers with the line %wheel ALL=(ALL) ALL This works just fine. Users in the wheel group can use sudo to execute things as root, but they only need their own passwords. Root's password is extremely good and basically never used, so it is stored away in some secure manner and doesn't exist in anybody's head. I like the idea of not having to give out a root-like password but still to require authentication when operating as root. Ever since I learned this trick from OS X, I've been using it everywhere I can install sudo. -j -- Jeffrey Goldberghttp://www.goldmark.org/jeff/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Reg, User rights
Dear Team, This is subburaman from Bangalore, india.I have installed the FreeBSD6.2.Now i want to create a new User with Administrator rights.Please give me the guidelines for me. Thanks with regards Subburaman N ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Reg, User rights
Hi, While creating user accout using 'adduser' command, give 'Login group' as 'wheel' which will give administrator rights for that particular username. Regards. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of subbu ramanN Sent: Wednesday, February 21, 2007 3:53 PM To: [EMAIL PROTECTED] Subject: Reg, User rights Dear Team, This is subburaman from Bangalore, india.I have installed the FreeBSD6.2.Now i want to create a new User with Administrator rights.Please give me the guidelines for me. Thanks with regards Subburaman N ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Reg, User rights
[Format recovered - PLEASE don't top post! ] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of subbu ramanN Sent: Wednesday, February 21, 2007 3:53 PM To: [EMAIL PROTECTED] Subject: Reg, User rights Dear Team, This is subburaman from Bangalore, india.I have installed the FreeBSD6.2.Now i want to create a new User with Administrator rights.Please give me the guidelines for me. Thanks with regards Subburaman N On Wed, 21 Feb 2007 16:30:10 +0530 [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Subject: RE: Reg, User rights Date: Wed, 21 Feb 2007 16:30:10 +0530 Sender: [EMAIL PROTECTED] Hi, While creating user accout using 'adduser' command, give 'Login group' as 'wheel' which will give administrator rights for that particular username. Regards. Hi Subburaman, please read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/users.html Membership to the wheel group will give you some more access than not belonging to that group, but probably is not what you have in mind (if you come from a MS Windows background where belonging to Administrator group is all you really need to wreak hav[del del] err... manage a system ;). It will definitely allow you to su to root... _ {Beto|Norberto|Numard} Meijome Anyone who isn?t confused here doesn?t really understand what?s going on. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]