On Wed, Jun 09, 2004 at 07:11:30PM +0200, Debian Users wrote: > Dear List, > > I would like to give a regular user the rights to do the following on a > Debian system: > > 1) Install a (secure) ldap server > 2) Test the server > 3) Fill in the address "data base" for this server > > Question: Does this user need full root privileges on this machine? Even > though this is only a test machine, I would rather not have him the rights > to change passwords and see users files. > > My hunch is, there is no other way but lending him full root access, but I > would be delighted to hear your wisdom! >
I don't know if it will give you the full limitations you want but it sounds like sudo is your friend, it allows limiting users to specific programs. Another solution is to make the relevant program suid root (runs as root), make it inaccessible to a regular user and executable to group and then set a relevant group and add the user to it (chmod 04710 <prog>) Third option is to run the server is a uml, then the user has root privilege in the uml but no root access to the system. > Regards, Stefan > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > +++++++++++++++++++++++++++++++++++++++++++ > This Mail Was Scanned By Mail-seCure System > at the Tel-Aviv University CC. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
