Pseudo user accounts??? Help

Pseudo user accounts??? Help

Post by <dgutier.. » Thu, 19 Apr 2001 23:58:31



Someone made the suggestion of creating pseudo user accounts, rather than
giving users root access to a system.  Is there such a thing?

I guess they want to be able to give users a high level of access to the
system without actually supplying the root password.  Does this make sense?

 
 
 

Pseudo user accounts??? Help

Post by Daniel Tat » Fri, 20 Apr 2001 00:14:38


Use sudo
(super user do)


Quote:> Someone made the suggestion of creating pseudo user accounts, rather than
> giving users root access to a system.  Is there such a thing?

> I guess they want to be able to give users a high level of access to the
> system without actually supplying the root password.  Does this make
sense?


 
 
 

Pseudo user accounts??? Help

Post by David Gutierre » Fri, 20 Apr 2001 01:12:51


Where is this "sudo" command located?  I coudnt find it on my system.


> Use sudo
> (super user do)



> > Someone made the suggestion of creating pseudo user accounts, rather
than
> > giving users root access to a system.  Is there such a thing?

> > I guess they want to be able to give users a high level of access to the
> > system without actually supplying the root password.  Does this make
> sense?

 
 
 

Pseudo user accounts??? Help

Post by Daniel Tat » Fri, 20 Apr 2001 01:18:22


Download it from www.sunfreeware.com


> Where is this "sudo" command located?  I coudnt find it on my system.



> > Use sudo
> > (super user do)



> > > Someone made the suggestion of creating pseudo user accounts, rather
> than
> > > giving users root access to a system.  Is there such a thing?

> > > I guess they want to be able to give users a high level of access to
the
> > > system without actually supplying the root password.  Does this make
> > sense?

 
 
 

Pseudo user accounts??? Help

Post by David Gutierre » Fri, 20 Apr 2001 01:26:09


Do you know if "sudo" is also available for other flavors of Unix?


> Download it from www.sunfreeware.com



> > Where is this "sudo" command located?  I coudnt find it on my system.



> > > Use sudo
> > > (super user do)



> > > > Someone made the suggestion of creating pseudo user accounts, rather
> > than
> > > > giving users root access to a system.  Is there such a thing?

> > > > I guess they want to be able to give users a high level of access to
> the
> > > > system without actually supplying the root password.  Does this make
> > > sense?

 
 
 

Pseudo user accounts??? Help

Post by William F. Wyat » Fri, 20 Apr 2001 02:33:05


I don't know the accepted pronounciation of 'sudo', but clearly
'someone' pronounced it as 'pseudo'.


> Use sudo
> (super user do)



> > Someone made the suggestion of creating pseudo user accounts, rather than
> > giving users root access to a system.  Is there such a thing?

> > I guess they want to be able to give users a high level of access to the
> > system without actually supplying the root password.  Does this make
> sense?

--

   Smithsonian Astrophysical Observatory  (Cambridge, MA, USA)
 
 
 

Pseudo user accounts??? Help

Post by Barry Margoli » Fri, 20 Apr 2001 02:48:16




>Do you know if "sudo" is also available for other flavors of Unix?

Yes, it's a very popular addon, that should work on any flavor of Unix.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

Pseudo user accounts??? Help

Post by Mathew Kirsc » Fri, 20 Apr 2001 21:21:25



> Someone made the suggestion of creating pseudo user accounts, rather than
> giving users root access to a system.  Is there such a thing?

> I guess they want to be able to give users a high level of access to the
> system without actually supplying the root password.  Does this make sense?

I think they're talking about "sudo" which is a freeware program that allows
you to tightly control who has root access to which commands without having to
give out the root password.
 
 
 

Pseudo user accounts??? Help

Post by Mathew Kirsc » Fri, 20 Apr 2001 21:22:29



> Do you know if "sudo" is also available for other flavors of Unix?

You can download the source code and compile it on pretty much any of the
major flavors of UNIX. I've used it on SunOS, Solaris, Linux, and AIX.
 
 
 

Pseudo user accounts??? Help

Post by Mathew Kirsc » Fri, 20 Apr 2001 21:24:09



> I don't know the accepted pronounciation of 'sudo', but clearly
> 'someone' pronounced it as 'pseudo'.

Correct pronunciation: SOO-doo
Incorrect pronunciation: soo-DOUGH

Incorrect pronunciation as Homer Simpson: soo-D'oh!

 
 
 

Pseudo user accounts??? Help

Post by Reinier Po » Mon, 30 Apr 2001 02:42:48



>Someone made the suggestion of creating pseudo user accounts, rather than
>giving users root access to a system.  Is there such a thing?

Yes.  You can create special accounts for particular purposes.  In this
way, privileges can be restricted to exactly what the service needs and
nothing else.

Another approach is to allow a user to assume the identity of another
user for specific tasks only.  This is what the 'sudo' tool allows you
to do.

Quote:>I guess they want to be able to give users a high level of access to the
>system without actually supplying the root password.  Does this make sense?

Yes, and sudo supports this, but don't hand out root privileges if you
can avoid it.  This is where the 'pseudo' user accounts can be helpful.

For instance, when I installed the 'updatedb' program, which indexes the
ile system to allow fast filename searches with locate(1), I decided
it should only be able to read the files that *any* user can read, and
the indexes it writes should not be writeable by any other user.  So I
created a 'find' account to run updatedb as.  Nobody can log in as 'find'.

Another example: let's suppose you want to delegate the installation
and upgrading of the Apache webserver to some other user, without
tying it to their normal account.  This makes sense if the maintainer
is likely to change often, or simply for accounting purposes.  You can
create an 'apache' user'; the whole Apache software installation belongs
to this user, and the actual Apache maintainer logs in as 'apache' to do
maintenance.  The only thing that requires root permission is the actual
start of the server, if it runs on the standard port; either you leave
this task with root or you use sudo to allow 'apache' root privileges
for this one specific command.  This is a much safer approach than
handing out the root password to a person who only needs it to restart
Apache once in a while.

--
Reinier Post