Re: User Privilege in RH 7.3

From: Robert Heller (heller_at_deepsoft.com)
Date: 09/16/03

• Next message: n1pop_at_hotmail.com: "Re: Windows vs Linux Security"
• Previous message: Max Burke: "Re: DDOS attack Microsoft"
• In reply to: Sam: "Re: User Privilege in RH 7.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Tue, 16 Sep 2003 20:04:26 +0000

  "Ed Murphy" <emurphy42@socal.rr.com>,
  In a message on Tue, 16 Sep 2003 19:23:15 GMT, wrote :

"M> On Tue, 16 Sep 2003 09:14:13 -0700, Sam wrote:
"M>
"M> > Yes i can creat new user, but they all have low privileges, they can
"M> > read, write, and execute stuff of they own. But i like each user would be
"M> > able to mount a new device (such as CD, or Disck, or a Windows partitioned
"M> > hd), without changing to root.
"M> > Is it posible to creat a user with this privileg ??
"M> > I did tried user manager, but dident succeed.
"M>
"M> Don't do it that way. For each root-task that you want anyone to be able
"M> to do, create a script (say /usr/local/bin/whatever) that does it. Then,
"M> as root:
"M>
"M> chown root:root /usr/local/bin/whatever
"M> chmod 755 /usr/local/bin/whatever
"M> chmod +s /usr/local/bin/whatever
"M>
"M> (Is this correct?)

Not really. *Modern* UNIXes (including Linux) no longer allow setuid
*scripts*, since they are a major security problem.

Instead, there are two alternatives:

1) Under Linux, the *mount* command has a special case -- if a mount
point, described in /etc/fstab, has the 'user' option set, mount will
let any random user mount the file system (and then let *that* user
umount it). I don't know if other flavors of UNIX implement this sort
of feature. Some UNIXes GUI sub-systems include media daemons that will
auto-magically mount CD-ROMs (Irix and Solaris have these sorts of
things).

2) For other tasks, there is sudo. 'man sudoers' The /etc/sudoers
file can be used to define sets of users who are allowed to do selected
super user tasks.

"M>
"M>

                                     \/
Robert Heller ||InterNet: heller@cs.umass.edu
http://vis-www.cs.umass.edu/~heller || heller@deepsoft.com
http://www.deepsoft.com /\FidoNet: 1:321/153

                                                                                     

---

• Next message: n1pop_at_hotmail.com: "Re: Windows vs Linux Security"
• Previous message: Max Burke: "Re: DDOS attack Microsoft"
• In reply to: Sam: "Re: User Privilege in RH 7.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: User Privilege in RH 7.3 ... "> Yes i can creat new user, but they all have low privileges, they can ... "> able to mount a new device (such as CD, or Disck, or a Windows partitioned ... For smbmount, you need to change smbmount mode to given it setuid privs ... (comp.os.linux.misc) Re: User Privilege in RH 7.3 ... Yes i can creat new user, but they all have low privileges, they can ... read, write, and execute stuff of they own. ... (comp.os.linux.misc) Re: Samba Share ... Creat a mount point: sudo mkdir /media/YourMountPiontName ... Creat a hidden password file in your home directory called .smbpasswd: ... echo password=YourPassword>> .smbpasswd ... (Ubuntu)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)