User to manage users.

Support for security such as firewalls and securing Linux
tlf30
Posts: 42
Joined: 2012/11/17 17:55:59

User to manage users.

Post by tlf30 » 2014/03/05 04:51:39

I have a user and a group, and I need this user to be able to create/edit/delete users in this group. Editing includes changing the passwords of the group's users.
I just need a really simple way to do this.

Thanks,
Trevor

drk
Posts: 405
Joined: 2014/01/30 20:38:28

Re: User to manage users.

Post by drk » 2014/03/05 20:28:26

Probably an easy way to do it through sudoers. "man sudoers" and/or Google some examples :)

tlf30
Posts: 42
Joined: 2012/11/17 17:55:59

Re: User to manage users.

Post by tlf30 » 2014/03/09 15:52:59

I have tried to do this through sudo but have not found a way to do this. I need a user that can ONLY manage other users in a specific group.

Whoever
Posts: 1361
Joined: 2013/09/06 03:12:10

Re: User to manage users.

Post by Whoever » 2014/03/09 19:28:52

tlf30 wrote: I have tried to do this through sudo but have not found a way to do this. I need a user that can ONLY manage other users in a specific group.

I think that the way you do this is to create a script (or a set of scripts) that can do only the specific operations you need (and not any more). The script will be a wrapper around the various useradd/del/mod commands. Give it 700 permissions and grant access to it via sudo to the users you want. Alternatively, you could make the script setuid (4770), change the group ownership to one that only the users that you want to grant permissions are in. Don't use csh for scripting because a c-shell script cannot be made secure.
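
A sketch of the sudo-wrapper approach described in the post above, added here as an example and not part of the original thread. The group name `managed`, the install path `/usr/local/sbin/grpuser` and the sudoers user `manager` are assumptions; accounts are tied to the group through supplementary membership.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: group "managed",
# install path /usr/local/sbin/grpuser (root-owned, mode 700), and sudoers line
#   manager ALL=(root) /usr/local/sbin/grpuser
LC_ALL=C; export LC_ALL                 # make [a-z] ranges mean ASCII only
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH
GROUP=managed

# Accept only conservative account names: no leading '-', no shell metacharacters.
valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# is_member USER GROUPLINE: GROUPLINE is a "name:x:gid:m1,m2" line from getent group.
is_member() {
    case ",${2##*:}," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

# authorize ACTION USER GROUPLINE: existing accounts must already be group members.
authorize() {
    valid_name "$2" || return 1
    case "$1" in
        add)        return 0 ;;
        del|passwd) is_member "$2" "$3" ;;
        *)          return 1 ;;
    esac
}

main() {
    action=$1 user=${2:-}
    if ! authorize "$action" "$user" "$(getent group "$GROUP")"; then
        echo "refused: $action $user" >&2
        exit 1
    fi
    case "$action" in
        add)    exec useradd -m -G "$GROUP" "$user" ;;
        del)    exec userdel -r "$user" ;;
        passwd) exec passwd "$user" ;;
    esac
}

# With no arguments do nothing, so the functions can be sourced and tested.
[ "$#" -eq 0 ] || main "$@"
```

Membership in the managed group is the only gate in this sketch, so privileged accounts must be kept out of that group.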

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: User to manage users.

Post by gerald_clark » 2014/03/09 19:40:46

Shell scripts cannot be run with the suid bit.

JaneLei
Posts: 1
Joined: 2014/03/18 22:50:35

Re: User to manage users.

Post by JaneLei » 2014/03/19 00:03:02

It seems that what you desire is a group admin and no additional privileges. You can successfully make a user a group admin without giving it any more privileges using the command "gpasswd -A user group"

Here is an example:

[root@localhost etc]# gpasswd -A TGA GroupAdminTest

-A makes the user a group admin
TGA in my case is the user to be made admin over the group
GroupAdminTest is the group name TGA will be admin over

Here is a link I found online with more examples and explanations ;)
http://www.computerhope.com/unix/gpasswd.htm

tlf30
Posts: 42
Joined: 2012/11/17 17:55:59

Re: User to manage users.

Post by tlf30 » 2014/04/03 18:22:29

JaneLei wrote: It seems that what you desire is a group admin and no additional privileges. You can successfully make a user a group admin without giving it any more privileges using the command "gpasswd -A user group"

Here is an example:

[root@localhost etc]# gpasswd -A TGA GroupAdminTest

-A makes the user a group admin
TGA in my case is the user to be made admin over the group
GroupAdminTest is the group name TGA will be admin over

Here is a link I found online with more examples and explanations ;)
http://www.computerhope.com/unix/gpasswd.htm

Thank you so much! This was exactly what I was looking for!
