
Monday, August 23, 2010

Linux Administration

Today I have decided to give Linux administration a try.

Not using the root account anymore:
First of all, I will make a firm decision not to use the root account for my daily work.
How do I do my daily tasks?
I will make two users named admin and worker.
Admin:
The admin user will be given admin privileges to do admin-specific tasks.
Worker:
A normal user of the machine, who is restricted from admin tasks.
Step 1:
Create two users:
Log in as root
# useradd admin
# passwd admin
Changing password for user admin.
New UNIX password:
BAD PASSWORD: it is too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
# useradd worker
# passwd worker
Changing password for user worker.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Now it's time to give the admin user more privileges than the worker user.
Log in as the root user.

First keep a backup of the /etc/sudoers file using

# cp /etc/sudoers /etc/sudoers.old

Type
# visudo
at the command prompt. (This will modify the /etc/sudoers file. This command is a better way to modify /etc/sudoers than issuing vi /etc/sudoers.)

Modify the file accordingly:
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS

User_Alias ADMINS = admin

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

%admin ALL=(ALL) ALL

Save it using Esc :wq.


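Now you have added the admin user to the sudoers file with rights to execute all commands.
Note: visudo is a command-line utility for editing the /etc/sudoers file.
It is recommended over opening the file directly in vi, because visudo locks the file and checks its syntax before saving.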
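
To see which entry in the edit above actually grants rights, the following added example (not code from the original post) audits a sudoers fragment: it lists each active rule and flags any User_Alias that no rule refers to. The sample text is constructed to mirror the edit shown above, and the function names audit_sudoers and sample_sudoers are hypothetical.

```shell
#!/bin/sh
# Added example: report who a sudoers fragment actually grants rights to.
# Assumes one rule per line with a single user, %group or alias as its first
# field (no backslash continuations, no comma-separated user lists).

# Constructed sample mirroring the edit shown in the post.
sample_sudoers() {
cat <<'EOF'
## User Aliases
User_Alias ADMINS = admin

## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

%admin ALL=(ALL) ALL
EOF
}

# audit_sudoers: read sudoers text on stdin, print one finding per line:
#   GRANT <user|group|alias> <name> <spec>   an active rule
#   UNUSED_ALIAS <name>                      a User_Alias no rule refers to
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments (and #include lines), blanks
    $1 == "User_Alias" {                # remember each alias name
      name = $2; sub(/=.*/, "", name); defined[name] = 1; next
    }
    $1 ~ /^(Defaults|Host_Alias|Cmnd_Alias|Runas_Alias)/ { next }
    {                                   # anything else is a user specification
      n++; subject[n] = $1; spec[n] = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", spec[n])
    }
    END {                               # resolve after all aliases are known
      for (i = 1; i <= n; i++) {
        w = subject[i]; kind = "user"
        if (substr(w, 1, 1) == "%") {
          kind = "group"; w = substr(w, 2)
        } else if (w in defined) {
          kind = "alias"; used[w] = 1
        }
        print "GRANT", kind, w, spec[i]
      }
      for (a in defined) if (!(a in used)) print "UNUSED_ALIAS", a
    }
  '
}

sample_sudoers | audit_sudoers
```

On the sample, the only grant goes to the group admin through the %admin line, and the ADMINS alias is reported as unused. On a live system, run it as root with `audit_sudoers < /etc/sudoers`, and use `sudo -l -U admin` to see what sudo itself resolves for a user.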

Now it's time to check whether what we have done works.

Let's open two separate terminals, one for the admin user and one for the worker user.
Now try to run any command that needs root privileges. (I am using ifconfig here.)
[admin@localhost ~]$ ifconfig
-bash: ifconfig: command not found
[worker@localhost ~]$ ifconfig
-bash: ifconfig: command not found
As you can see, both users are unable to run the command.

In the admin terminal, type the following.
# /sbin/ifconfig
It will display the output, as the admin user has been added to the sudoers file with privileges for all commands.
The same can't be done with the worker user.
