[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: adduser not by root



Since adding a user basicly means writing to
/etc/passwd (or /etc/shadow, or whatever) on
most single-server environments, you can't.

You can obviously make adduser suid, but that
would be fatally stupid since then anyone will
be able to create a root accout (I wouldn't
go for sudo either, it amounts to the same
thing unless you write your own frontend
which does tons of sanity/taint checks on the input).

So what you actually need is some sort of access-management
system. Linux-conf allows you to delegate the right
to add users to users w-o giving them root access,
and there are quite a lot of other systems out there
that do the same (Webmin is another).

Choose carefully, it's very easy to
create security holes that you can fly a 747 through.

Ben-Nes Michael wrote:
> 
> Hi All
> 
> How can i tell the system to allow other users to be able to adduser ?
> 
> --
> --------------------------
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --------------------------
> 
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il

-- 
-------------------------------------------------------------------------
| Omer Efraim            |             Earth First!                     |
| omere@tcmail.tau.ac.il | We can Strip Mine the other planets later... |
-------------------------------------------------------------------------

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il