Fedora Users — Re: How to give administrative previledges

Re: How to give administrative previledges

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Subject: Re: How to give administrative previledges

From: Chethiya K Ranaweera <ckranaweera@xxxxxxxxx>

Date: Wed, 6 Apr 2005 20:24:26 -0400

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=Blqpru6u3174FG3Hsw9qouxkEp7jmPycjFSFrmRKyb0kOM76vDDFcOPZMAc7uOgyEs23EJR82LmcBAV/1s1ws/l6AXeYwsZ7P9GiwC9+2PvntVskUZcH9XEpqamBjGAOmnuwuVbC8fzgdK/XOIqG/kQ09IxFhuBQL5FBdF4zfeY=

In-reply-to: <[email protected]>

List-archive: <https://www.redhat.com/archives/fedora-list>

List-help: <mailto:[email protected]?subject=help>

List-id: For users of Fedora Core releases <fedora-list.redhat.com>

List-post: <mailto:[email protected]>

List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>

List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>

References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

Reply-to: Chethiya K Ranaweera <ckranaweera@xxxxxxxxx>, For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On Apr 6, 2005 4:12 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Wed, 2005-04-06 at 14:21, Scot L. Harris wrote:
> > >
> > > Giving root password to a user is not wise. My question is why can't
> > > we give change GID to 0 or some thingelse and grant any aceess to
> > > somebody else, let's say, a part-time administrator?? So that he can
> > > update the system, look in /lost+found ...etc.
> >
> > Granting even partial privileges problematic.  You must trust the user
> > you are giving that ability to.  Allowing someone to update the system
> > and access pretty much anything on the system via any means is the same
> > as giving them root password.
> >
> > If you are trying to provide limited admin access the proper way is what
> > has been suggested, use sudo to provide the limited access.
> >
> > If you want to allow someone to do pretty much anything then they should
> > be allowed to use su - to get root access.  If you don't trust them with
> > that then I would not trust them to update the system.
> >
> > Not giving out root access but allowing them to do anything on the
> > system that requires root access does not make much sense.
> 
> Realistically, someone who had to ask that question in the first place
> is not going to be able to configure sudo to the extent needed to
> allow a useful set of operations but prevent unauthorized operations.
> That's probably not even possible - for example you might want an
> operator to be able to change all passwords except for root.
> So, you might as well admit that you have to trust the person doing
> the administration.  If you don't, I'd consider webmin as a better
> starting place than sudo.
> 
> --
>  Les Mikesell
>   les@xxxxxxxxxxxxxxxx
> 
> 
> --
So if this is the case, I would like to pose a question from my
original assumption. What is the purpose of having a GID for root?
>From the above discussion, what I understand is that, even if you
modify /etc/sudoers (say, give a user admin access by adding (ALL) ALL
), the system is not going to give *ALL* admin access to that user. So
in that case, I truely do not understand of having a UID for root.