I have a user and a group, and I need this user to be able to create/edit/delete users in this group. Editing includes changing the passwords of the groups users.
I just need a really simple way to do this.
Thanks,
Trevor
User to manage users.
Re: User to manage users.
Probably an easy way to do it through sudoers. "man sudoers" and/or Google some examples
Re: User to manage users.
I have tried to do this through sudo but have not found a way to do this. I need a user that can ONLY manage other users in a specific group.
Re: User to manage users.
I think that the way you do this is create a script (or a set of scripts) that can do only the specific operations you need (and not any more). The script will be a wrapper around the various useradd/del/mod commands. Give it 700 permissions and grant access to it via sudo to the users you want. Alternatively, you could make the script setuid (4770), change the group ownership to one that only the users that you want to grant permisisons are in. Don't use csh for scripting because a c-shell script cannot be made secure.tlf30 wrote:I have tried to do this through sudo but have not found a way to do this. I need a user that can ONLY manage other users in a specific group.
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: User to manage users.
Shell scripts cannot be run with the suid bit.
Re: User to manage users.
It seems that what you desire is a group admin and no additional priviledges. You can successfully make a user a group admin without giving it any more priviledges using the command "gpasswd -A user group"
Here is an example:
[root@localhost etc]# gpasswd -A TGA GroupAdminTest
-A makes the user a group admin
TGA in my case is the user to be made admin over the group
GroupAdminTest is the group name TGA will be admin over
Here is a link I found online with more examples and explanations
http://www.computerhope.com/unix/gpasswd.htm
Here is an example:
[root@localhost etc]# gpasswd -A TGA GroupAdminTest
-A makes the user a group admin
TGA in my case is the user to be made admin over the group
GroupAdminTest is the group name TGA will be admin over
Here is a link I found online with more examples and explanations
http://www.computerhope.com/unix/gpasswd.htm
Re: User to manage users.
Thanks you so much! This was exactly what I was looking for!JaneLei wrote:It seems that what you desire is a group admin and no additional priviledges. You can successfully make a user a group admin without giving it any more priviledges using the command "gpasswd -A user group"
Here is an example:
[root@localhost etc]# gpasswd -A TGA GroupAdminTest
-A makes the user a group admin
TGA in my case is the user to be made admin over the group
GroupAdminTest is the group name TGA will be admin over
Here is a link I found online with more examples and explanations
http://www.computerhope.com/unix/gpasswd.htm