On Thu, Apr 28, 2005 at 06:45:53PM +0200, Rakotomandimby (R12y) Mihamina wrote: > I want an user to be able to create/delete users and groups. > What's the best way to do it? > - adding him to the "root" group? > - is there a specific group for that? > - what way would you suggest ? How much do you trust this user? Because without careful control, if someone has the ability to add users, they could add a user with full root access quite easily. Assuming that you trust them not to do that, or to mess with other system accounts, here's what I'd suggest: add the user to the "wheel" group, and then add the line "UGROUPS=wheel" to the file /etc/security/console.apps/system-config-users. This will make it so any members of that group can run the system-config-users program by entering their own password, not root's. "Wheel" is the tradition generic "administrative privileges" group -- you could create something more specific if you want. But *don't* just add them to the root group, because then their account will have root-equivalent access all of the time -- and see the "brute force ssh attack" thread for why that's a bad idea. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 77 degrees Fahrenheit.
